Windows Analysis Report
Legalia2Setup.msi

Overview

General Information

Sample name: Legalia2Setup.msi
Analysis ID: 1433161
MD5: 0a216a9077bd6cfc068733f066135328
SHA1: 3dfcd675381a7669d1d9ddbb075277f54c7abf3f
SHA256: f2077ee5d8d323fcae3e098a94e893891fd086bf0cc82234669259a00a7d077b
Infos:

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 217.114.136.30:443 -> 192.168.2.16:49705 version: TLS 1.2
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.registradores.org
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown HTTPS traffic detected: 217.114.136.30:443 -> 192.168.2.16:49705 version: TLS 1.2
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\610ce8.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1005.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI10E1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1140.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Fonts\code128.ttf
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_DB919AB071B372378E83C6.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_8EB7ECF2B5D57C13BA030B.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1567.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\610cea.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\610cea.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI179B.tmp
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1005.tmp
Source: classification engine Classification label: clean5.winMSI@11/36@1/4
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\Public\Desktop\Legalia 2.lnk
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Mutant created: NULL
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIDF70.tmp
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Legalia2Setup.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E8FCA13A9B1F3AAD387632723CDFE49A C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E8FCA13A9B1F3AAD387632723CDFE49A C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B5180FC8933C915E692FB8B14039806C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F323B315522CA4C777CC6963F4839EA9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B5180FC8933C915E692FB8B14039806C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F323B315522CA4C777CC6963F4839EA9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet
Source: unknown Process created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe "C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe"
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: slc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: version.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Legalia2Setup.msi Static file information: File size 7300096 > 1048576
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1567.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1567.tmp Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legalia 2.lnk
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Memory allocated: 35F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Memory allocated: 3790000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Memory allocated: 5790000 memory reserve | memory write watch
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1567.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll Jump to dropped file
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Memory allocated: page read and write | page guard
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\code128.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
217.114.136.30
 www.registradores.org Spain
25267 CORPME-ASCDiegodeLeon21ES false

Contacted Domains

Name IP Active
www.registradores.org 217.114.136.30 true