Source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[MANUF_ORDER] ([ORDER_ID], [EMPLOYEE_ID], [CAR_ID], [MANUFACTURER_ID], [ORDER_DATE], [BILL]) VALUES (@ORDER_ID, @EMPLOYEE_ID, @CAR_ID, @MANUFACTURER_ID, @ORDER_DATE, @BILL); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[EMPLOYEE] SET [EMPLOYEE_ID] = @EMPLOYEE_ID, [EMPLOYEE_NAME] = @EMPLOYEE_NAME, [EMPLOYEE_PASSWORD] = @EMPLOYEE_PASSWORD, [EMPLOYEE_CONTACT] = @EMPLOYEE_CONTACT, [EMPLOYEE_ADDRESS] = @EMPLOYEE_ADDRESS, [EMPLOYEE_EMAIL] = @EMPLOYEE_EMAIL, [EMPLOYEE_DESIGNATION] = @EMPLOYEE_DESIGNATION WHERE (([EMPLOYEE_ID] = @Original_EMPLOYEE_ID) AND ([EMPLOYEE_NAME] = @Original_EMPLOYEE_NAME) AND ([EMPLOYEE_PASSWORD] = @Original_EMPLOYEE_PASSWORD) AND ([EMPLOYEE_CONTACT] = @Original_EMPLOYEE_CONTACT) AND ([EMPLOYEE_ADDRESS] = @Original_EMPLOYEE_ADDRESS) AND ([EMPLOYEE_EMAIL] = @Original_EMPLOYEE_EMAIL) AND ([EMPLOYEE_DESIGNATION] = @Original_EMPLOYEE_DESIGNATION)); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[EMPLOYEE] ([EMPLOYEE_ID], [EMPLOYEE_NAME], [EMPLOYEE_PASSWORD], [EMPLOYEE_CONTACT], [EMPLOYEE_ADDRESS], [EMPLOYEE_EMAIL], [EMPLOYEE_DESIGNATION]) VALUES (@EMPLOYEE_ID, @EMPLOYEE_NAME, @EMPLOYEE_PASSWORD, @EMPLOYEE_CONTACT, @EMPLOYEE_ADDRESS, @EMPLOYEE_EMAIL, @EMPLOYEE_DESIGNATION); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[Car] SET [CAR_ID] = @CAR_ID, [CAR_NAME] = @CAR_NAME, [CAR_MODEL] = @CAR_MODEL, [CAR_COMPANY] = @CAR_COMPANY, [CAR_STATUS] = @CAR_STATUS, [CAR_PRICE] = @CAR_PRICE WHERE (([CAR_ID] = @Original_CAR_ID) AND ([CAR_NAME] = @Original_CAR_NAME) AND ([CAR_MODEL] = @Original_CAR_MODEL) AND ([CAR_COMPANY] = @Original_CAR_COMPANY) AND ([CAR_STATUS] = @Original_CAR_STATUS) AND ([CAR_PRICE] = @Original_CAR_PRICE)); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[MANUFACTURER] ([MANUFACTURER_ID], [MANUFACTURER_NAME], [MANUFACTURER_EMAIL], [MANUFACTURER_ADDRESS], [MANUFACTURER_CONTACT]) VALUES (@MANUFACTURER_ID, @MANUFACTURER_NAME, @MANUFACTURER_EMAIL, @MANUFACTURER_ADDRESS, @MANUFACTURER_CONTACT); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[Car] ([CAR_ID], [CAR_NAME], [CAR_MODEL], [CAR_COMPANY], [CAR_STATUS], [CAR_PRICE]) VALUES (@CAR_ID, @CAR_NAME, @CAR_MODEL, @CAR_COMPANY, @CAR_STATUS, @CAR_PRICE); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[CUSTOMER_ORDER] SET [ORDER_ID] = @ORDER_ID, [EMPLOYEE_ID] = @EMPLOYEE_ID, [CAR_ID] = @CAR_ID, [CUSTOMER_CNIC] = @CUSTOMER_CNIC, [ORDER_DATE] = @ORDER_DATE, [BILL] = @BILL WHERE (([ORDER_ID] = @Original_ORDER_ID) AND ((@IsNull_EMPLOYEE_ID = 1 AND [EMPLOYEE_ID] IS NULL) OR ([EMPLOYEE_ID] = @Original_EMPLOYEE_ID)) AND ((@IsNull_CAR_ID = 1 AND [CAR_ID] IS NULL) OR ([CAR_ID] = @Original_CAR_ID)) AND ((@IsNull_CUSTOMER_CNIC = 1 AND [CUSTOMER_CNIC] IS NULL) OR ([CUSTOMER_CNIC] = @Original_CUSTOMER_CNIC)) AND ([ORDER_DATE] = @Original_ORDER_DATE) AND ([BILL] = @Original_BILL)); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[CUSTOMER] ([CUSTOMER_CNIC], [CUSTOMER_NAME], [CUSTOMER_CONTACT], [CUSTOMER_ADDRESS]) VALUES (@CUSTOMER_CNIC, @CUSTOMER_NAME, @CUSTOMER_CONTACT, @CUSTOMER_ADDRESS); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[CUSTOMER] SET [CUSTOMER_CNIC] = @CUSTOMER_CNIC, [CUSTOMER_NAME] = @CUSTOMER_NAME, [CUSTOMER_CONTACT] = @CUSTOMER_CONTACT, [CUSTOMER_ADDRESS] = @CUSTOMER_ADDRESS WHERE (([CUSTOMER_CNIC] = @Original_CUSTOMER_CNIC) AND ([CUSTOMER_NAME] = @Original_CUSTOMER_NAME) AND ([CUSTOMER_CONTACT] = @Original_CUSTOMER_CONTACT) AND ([CUSTOMER_ADDRESS] = @Original_CUSTOMER_ADDRESS)); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO [dbo].[CUSTOMER_ORDER] ([ORDER_ID], [EMPLOYEE_ID], [CAR_ID], [CUSTOMER_CNIC], [ORDER_DATE], [BILL]) VALUES (@ORDER_ID, @EMPLOYEE_ID, @CAR_ID, @CUSTOMER_CNIC, @ORDER_DATE, @BILL); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[MANUF_ORDER] SET [ORDER_ID] = @ORDER_ID, [EMPLOYEE_ID] = @EMPLOYEE_ID, [CAR_ID] = @CAR_ID, [MANUFACTURER_ID] = @MANUFACTURER_ID, [ORDER_DATE] = @ORDER_DATE, [BILL] = @BILL WHERE (([ORDER_ID] = @Original_ORDER_ID) AND ((@IsNull_EMPLOYEE_ID = 1 AND [EMPLOYEE_ID] IS NULL) OR ([EMPLOYEE_ID] = @Original_EMPLOYEE_ID)) AND ((@IsNull_CAR_ID = 1 AND [CAR_ID] IS NULL) OR ([CAR_ID] = @Original_CAR_ID)) AND ((@IsNull_MANUFACTURER_ID = 1 AND [MANUFACTURER_ID] IS NULL) OR ([MANUFACTURER_ID] = @Original_MANUFACTURER_ID)) AND ([ORDER_DATE] = @Original_ORDER_DATE) AND ([BILL] = @Original_BILL)); |
Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmp | Binary or memory string: UPDATE [dbo].[MANUFACTURER] SET [MANUFACTURER_ID] = @MANUFACTURER_ID, [MANUFACTURER_NAME] = @MANUFACTURER_NAME, [MANUFACTURER_EMAIL] = @MANUFACTURER_EMAIL, [MANUFACTURER_ADDRESS] = @MANUFACTURER_ADDRESS, [MANUFACTURER_CONTACT] = @MANUFACTURER_CONTACT WHERE (([MANUFACTURER_ID] = @Original_MANUFACTURER_ID) AND ([MANUFACTURER_NAME] = @Original_MANUFACTURER_NAME) AND ([MANUFACTURER_EMAIL] = @Original_MANUFACTURER_EMAIL) AND ([MANUFACTURER_ADDRESS] = @Original_MANUFACTURER_ADDRESS) AND ([MANUFACTURER_CONTACT] = @Original_MANUFACTURER_CONTACT)); |
Source: C:\Users\user\Desktop\Doc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Doc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Doc.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |