| Source: RFQ.exe | String found in binary or memory: http://code.google.com/feeds/p/topicalmemorysystem/downloads/basic.xml |
| Source: RFQ.exe | String found in binary or memory: http://code.google.com/p/topicalmemorysystem/ |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com |
| Source: RFQ.exe | String found in binary or memory: http://topicalmemorysystem.googlecode.com/files/ |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: explorer.exe, 00000008.00000002.593605277.000000000095C000.00000004.00000020.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J |
| Source: RFQ.exe | String found in binary or memory: http://www.biblegateway.com/passage/?search= |
| Source: RFQ.exe | String found in binary or memory: http://www.biblija.net/biblija.cgi?m= |
| Source: RFQ.exe | String found in binary or memory: http://www.blueletterbible.org/Bible.cfm?b= |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml |
| Source: RFQ.exe | String found in binary or memory: http://www.esvstudybible.org/search?q= |
| Source: RFQ.exe | String found in binary or memory: http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b= |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com |
| Source: explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
| Source: RFQ.exe, 00000000.00000002.393740196.0000000001617000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.comas |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
| Source: rundll32.exe, 0000000E.00000002.598194730.000000000502F000.00000004.00000001.sdmp | String found in binary or memory: http://www.skincolored.com |
| Source: rundll32.exe, 0000000E.00000002.598194730.000000000502F000.00000004.00000001.sdmp | String found in binary or memory: http://www.skincolored.com/ |
| Source: explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com |
| Source: RFQ.exe, 00000000.00000003.334811267.000000000161C000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.comn |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
| Source: RFQ.exe, 00000000.00000002.404338495.0000000005E50000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.425007365.000000000B1A0000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419D60 NtCreateFile, | 7_2_00419D60 |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419E10 NtReadFile, | 7_2_00419E10 |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419E90 NtClose, | 7_2_00419E90 |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419F40 NtAllocateVirtualMemory, | 7_2_00419F40 |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419E0B NtReadFile, | 7_2_00419E0B |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419E8A NtClose, | 7_2_00419E8A |
| Source: C:\Users\user\Desktop\RFQ.exe | Code function: 7_2_00419F3A NtAllocateVirtualMemory, | 7_2_00419F3A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679540 NtReadFile,LdrInitializeThunk, | 14_2_04679540 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046795D0 NtClose,LdrInitializeThunk, | 14_2_046795D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679660 NtAllocateVirtualMemory,LdrInitializeThunk, | 14_2_04679660 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679650 NtQueryValueKey,LdrInitializeThunk, | 14_2_04679650 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046796E0 NtFreeVirtualMemory,LdrInitializeThunk, | 14_2_046796E0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046796D0 NtCreateKey,LdrInitializeThunk, | 14_2_046796D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679710 NtQueryInformationToken,LdrInitializeThunk, | 14_2_04679710 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679FE0 NtCreateMutant,LdrInitializeThunk, | 14_2_04679FE0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679780 NtMapViewOfSection,LdrInitializeThunk, | 14_2_04679780 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679860 NtQuerySystemInformation,LdrInitializeThunk, | 14_2_04679860 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679840 NtDelayExecution,LdrInitializeThunk, | 14_2_04679840 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 14_2_04679910 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046799A0 NtCreateSection,LdrInitializeThunk, | 14_2_046799A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679A50 NtCreateFile,LdrInitializeThunk, | 14_2_04679A50 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679560 NtWriteFile, | 14_2_04679560 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679520 NtWaitForSingleObject, | 14_2_04679520 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467AD30 NtSetContextThread, | 14_2_0467AD30 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046795F0 NtQueryInformationFile, | 14_2_046795F0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679670 NtQueryInformationProcess, | 14_2_04679670 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679610 NtEnumerateValueKey, | 14_2_04679610 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679760 NtOpenProcess, | 14_2_04679760 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467A770 NtOpenThread, | 14_2_0467A770 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679770 NtSetInformationFile, | 14_2_04679770 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679730 NtQueryVirtualMemory, | 14_2_04679730 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467A710 NtOpenProcessToken, | 14_2_0467A710 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046797A0 NtUnmapViewOfSection, | 14_2_046797A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467B040 NtSuspendThread, | 14_2_0467B040 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679820 NtEnumerateKey, | 14_2_04679820 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046798F0 NtReadVirtualMemory, | 14_2_046798F0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046798A0 NtWriteVirtualMemory, | 14_2_046798A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679950 NtQueueApcThread, | 14_2_04679950 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046799D0 NtCreateProcessEx, | 14_2_046799D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679A20 NtResumeThread, | 14_2_04679A20 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679A00 NtProtectVirtualMemory, | 14_2_04679A00 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679A10 NtQuerySection, | 14_2_04679A10 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679A80 NtOpenDirectoryObject, | 14_2_04679A80 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04679B00 NtSetValueKey, | 14_2_04679B00 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467A3B0 NtGetContextThread, | 14_2_0467A3B0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659D60 NtCreateFile, | 14_2_00659D60 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659E10 NtReadFile, | 14_2_00659E10 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659E90 NtClose, | 14_2_00659E90 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659F40 NtAllocateVirtualMemory, | 14_2_00659F40 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659E0B NtReadFile, | 14_2_00659E0B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659E8A NtClose, | 14_2_00659E8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_00659F3A NtAllocateVirtualMemory, | 14_2_00659F3A |
| Source: 00000007.00000002.444247401.0000000001220000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.444247401.0000000001220000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000E.00000002.593192539.0000000000A30000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000E.00000002.593192539.0000000000A30000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000000.00000002.395391792.0000000003DD9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000000.00000002.395391792.0000000003DD9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000E.00000002.592662426.0000000000640000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000E.00000002.592662426.0000000000640000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.443676021.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.443676021.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.444182169.00000000011F0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.444182169.00000000011F0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000E.00000002.593093257.0000000000840000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000E.00000002.593093257.0000000000840000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465746D mov eax, dword ptr fs:[00000030h] | 14_2_0465746D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A44B mov eax, dword ptr fs:[00000030h] | 14_2_0466A44B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CC450 mov eax, dword ptr fs:[00000030h] | 14_2_046CC450 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CC450 mov eax, dword ptr fs:[00000030h] | 14_2_046CC450 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466BC2C mov eax, dword ptr fs:[00000030h] | 14_2_0466BC2C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h] | 14_2_046B6C0A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h] | 14_2_046B6C0A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h] | 14_2_046B6C0A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h] | 14_2_046B6C0A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h] | 14_2_046F1C06 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0470740D mov eax, dword ptr fs:[00000030h] | 14_2_0470740D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0470740D mov eax, dword ptr fs:[00000030h] | 14_2_0470740D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0470740D mov eax, dword ptr fs:[00000030h] | 14_2_0470740D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F14FB mov eax, dword ptr fs:[00000030h] | 14_2_046F14FB |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h] | 14_2_046B6CF0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h] | 14_2_046B6CF0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h] | 14_2_046B6CF0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708CD6 mov eax, dword ptr fs:[00000030h] | 14_2_04708CD6 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464849B mov eax, dword ptr fs:[00000030h] | 14_2_0464849B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465C577 mov eax, dword ptr fs:[00000030h] | 14_2_0465C577 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465C577 mov eax, dword ptr fs:[00000030h] | 14_2_0465C577 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04673D43 mov eax, dword ptr fs:[00000030h] | 14_2_04673D43 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B3540 mov eax, dword ptr fs:[00000030h] | 14_2_046B3540 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04657D50 mov eax, dword ptr fs:[00000030h] | 14_2_04657D50 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708D34 mov eax, dword ptr fs:[00000030h] | 14_2_04708D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h] | 14_2_04643D34 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463AD30 mov eax, dword ptr fs:[00000030h] | 14_2_0463AD30 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FE539 mov eax, dword ptr fs:[00000030h] | 14_2_046FE539 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046BA537 mov eax, dword ptr fs:[00000030h] | 14_2_046BA537 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h] | 14_2_04664D3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h] | 14_2_04664D3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h] | 14_2_04664D3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464D5E0 mov eax, dword ptr fs:[00000030h] | 14_2_0464D5E0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464D5E0 mov eax, dword ptr fs:[00000030h] | 14_2_0464D5E0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FFDE2 mov eax, dword ptr fs:[00000030h] | 14_2_046FFDE2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FFDE2 mov eax, dword ptr fs:[00000030h] | 14_2_046FFDE2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FFDE2 mov eax, dword ptr fs:[00000030h] | 14_2_046FFDE2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FFDE2 mov eax, dword ptr fs:[00000030h] | 14_2_046FFDE2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046E8DF1 mov eax, dword ptr fs:[00000030h] | 14_2_046E8DF1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov eax, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov eax, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov eax, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov ecx, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov eax, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B6DC9 mov eax, dword ptr fs:[00000030h] | 14_2_046B6DC9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046635A1 mov eax, dword ptr fs:[00000030h] | 14_2_046635A1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h] | 14_2_04661DB5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h] | 14_2_04661DB5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h] | 14_2_04661DB5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_047005AC mov eax, dword ptr fs:[00000030h] | 14_2_047005AC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_047005AC mov eax, dword ptr fs:[00000030h] | 14_2_047005AC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662581 mov eax, dword ptr fs:[00000030h] | 14_2_04662581 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662581 mov eax, dword ptr fs:[00000030h] | 14_2_04662581 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662581 mov eax, dword ptr fs:[00000030h] | 14_2_04662581 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662581 mov eax, dword ptr fs:[00000030h] | 14_2_04662581 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h] | 14_2_04632D8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h] | 14_2_04632D8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h] | 14_2_04632D8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h] | 14_2_04632D8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h] | 14_2_04632D8A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466FD9B mov eax, dword ptr fs:[00000030h] | 14_2_0466FD9B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466FD9B mov eax, dword ptr fs:[00000030h] | 14_2_0466FD9B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464766D mov eax, dword ptr fs:[00000030h] | 14_2_0464766D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h] | 14_2_0465AE73 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h] | 14_2_0465AE73 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h] | 14_2_0465AE73 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h] | 14_2_0465AE73 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h] | 14_2_0465AE73 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h] | 14_2_04647E41 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FAE44 mov eax, dword ptr fs:[00000030h] | 14_2_046FAE44 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FAE44 mov eax, dword ptr fs:[00000030h] | 14_2_046FAE44 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463E620 mov eax, dword ptr fs:[00000030h] | 14_2_0463E620 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046EFE3F mov eax, dword ptr fs:[00000030h] | 14_2_046EFE3F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h] | 14_2_0463C600 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h] | 14_2_0463C600 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h] | 14_2_0463C600 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04668E00 mov eax, dword ptr fs:[00000030h] | 14_2_04668E00 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F1608 mov eax, dword ptr fs:[00000030h] | 14_2_046F1608 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A61C mov eax, dword ptr fs:[00000030h] | 14_2_0466A61C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A61C mov eax, dword ptr fs:[00000030h] | 14_2_0466A61C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046616E0 mov ecx, dword ptr fs:[00000030h] | 14_2_046616E0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046476E2 mov eax, dword ptr fs:[00000030h] | 14_2_046476E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04678EC7 mov eax, dword ptr fs:[00000030h] | 14_2_04678EC7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708ED6 mov eax, dword ptr fs:[00000030h] | 14_2_04708ED6 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046636CC mov eax, dword ptr fs:[00000030h] | 14_2_046636CC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046EFEC0 mov eax, dword ptr fs:[00000030h] | 14_2_046EFEC0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B46A7 mov eax, dword ptr fs:[00000030h] | 14_2_046B46A7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h] | 14_2_04700EA5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h] | 14_2_04700EA5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h] | 14_2_04700EA5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CFE87 mov eax, dword ptr fs:[00000030h] | 14_2_046CFE87 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464FF60 mov eax, dword ptr fs:[00000030h] | 14_2_0464FF60 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708F6A mov eax, dword ptr fs:[00000030h] | 14_2_04708F6A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464EF40 mov eax, dword ptr fs:[00000030h] | 14_2_0464EF40 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04634F2E mov eax, dword ptr fs:[00000030h] | 14_2_04634F2E |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04634F2E mov eax, dword ptr fs:[00000030h] | 14_2_04634F2E |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466E730 mov eax, dword ptr fs:[00000030h] | 14_2_0466E730 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A70E mov eax, dword ptr fs:[00000030h] | 14_2_0466A70E |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A70E mov eax, dword ptr fs:[00000030h] | 14_2_0466A70E |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465F716 mov eax, dword ptr fs:[00000030h] | 14_2_0465F716 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CFF10 mov eax, dword ptr fs:[00000030h] | 14_2_046CFF10 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CFF10 mov eax, dword ptr fs:[00000030h] | 14_2_046CFF10 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0470070D mov eax, dword ptr fs:[00000030h] | 14_2_0470070D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0470070D mov eax, dword ptr fs:[00000030h] | 14_2_0470070D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046737F5 mov eax, dword ptr fs:[00000030h] | 14_2_046737F5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04648794 mov eax, dword ptr fs:[00000030h] | 14_2_04648794 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h] | 14_2_046B7794 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h] | 14_2_046B7794 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h] | 14_2_046B7794 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04701074 mov eax, dword ptr fs:[00000030h] | 14_2_04701074 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F2073 mov eax, dword ptr fs:[00000030h] | 14_2_046F2073 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04650050 mov eax, dword ptr fs:[00000030h] | 14_2_04650050 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04650050 mov eax, dword ptr fs:[00000030h] | 14_2_04650050 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466002D mov eax, dword ptr fs:[00000030h] | 14_2_0466002D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466002D mov eax, dword ptr fs:[00000030h] | 14_2_0466002D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466002D mov eax, dword ptr fs:[00000030h] | 14_2_0466002D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466002D mov eax, dword ptr fs:[00000030h] | 14_2_0466002D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466002D mov eax, dword ptr fs:[00000030h] | 14_2_0466002D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h] | 14_2_0464B02A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h] | 14_2_0464B02A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h] | 14_2_0464B02A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h] | 14_2_0464B02A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04704015 mov eax, dword ptr fs:[00000030h] | 14_2_04704015 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04704015 mov eax, dword ptr fs:[00000030h] | 14_2_04704015 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h] | 14_2_046B7016 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h] | 14_2_046B7016 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h] | 14_2_046B7016 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046358EC mov eax, dword ptr fs:[00000030h] | 14_2_046358EC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov ecx, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h] | 14_2_046CB8D0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046620A0 mov eax, dword ptr fs:[00000030h] | 14_2_046620A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046790AF mov eax, dword ptr fs:[00000030h] | 14_2_046790AF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466F0BF mov ecx, dword ptr fs:[00000030h] | 14_2_0466F0BF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466F0BF mov eax, dword ptr fs:[00000030h] | 14_2_0466F0BF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466F0BF mov eax, dword ptr fs:[00000030h] | 14_2_0466F0BF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639080 mov eax, dword ptr fs:[00000030h] | 14_2_04639080 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B3884 mov eax, dword ptr fs:[00000030h] | 14_2_046B3884 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B3884 mov eax, dword ptr fs:[00000030h] | 14_2_046B3884 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463C962 mov eax, dword ptr fs:[00000030h] | 14_2_0463C962 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463B171 mov eax, dword ptr fs:[00000030h] | 14_2_0463B171 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463B171 mov eax, dword ptr fs:[00000030h] | 14_2_0463B171 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465B944 mov eax, dword ptr fs:[00000030h] | 14_2_0465B944 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465B944 mov eax, dword ptr fs:[00000030h] | 14_2_0465B944 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04654120 mov eax, dword ptr fs:[00000030h] | 14_2_04654120 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04654120 mov eax, dword ptr fs:[00000030h] | 14_2_04654120 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04654120 mov eax, dword ptr fs:[00000030h] | 14_2_04654120 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04654120 mov eax, dword ptr fs:[00000030h] | 14_2_04654120 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04654120 mov ecx, dword ptr fs:[00000030h] | 14_2_04654120 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466513A mov eax, dword ptr fs:[00000030h] | 14_2_0466513A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466513A mov eax, dword ptr fs:[00000030h] | 14_2_0466513A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639100 mov eax, dword ptr fs:[00000030h] | 14_2_04639100 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639100 mov eax, dword ptr fs:[00000030h] | 14_2_04639100 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639100 mov eax, dword ptr fs:[00000030h] | 14_2_04639100 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h] | 14_2_0463B1E1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h] | 14_2_0463B1E1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h] | 14_2_0463B1E1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046C41E8 mov eax, dword ptr fs:[00000030h] | 14_2_046C41E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046661A0 mov eax, dword ptr fs:[00000030h] | 14_2_046661A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046661A0 mov eax, dword ptr fs:[00000030h] | 14_2_046661A0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B69A6 mov eax, dword ptr fs:[00000030h] | 14_2_046B69A6 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h] | 14_2_046B51BE |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h] | 14_2_046B51BE |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h] | 14_2_046B51BE |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h] | 14_2_046B51BE |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466A185 mov eax, dword ptr fs:[00000030h] | 14_2_0466A185 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465C182 mov eax, dword ptr fs:[00000030h] | 14_2_0465C182 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662990 mov eax, dword ptr fs:[00000030h] | 14_2_04662990 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046EB260 mov eax, dword ptr fs:[00000030h] | 14_2_046EB260 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046EB260 mov eax, dword ptr fs:[00000030h] | 14_2_046EB260 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708A62 mov eax, dword ptr fs:[00000030h] | 14_2_04708A62 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0467927A mov eax, dword ptr fs:[00000030h] | 14_2_0467927A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639240 mov eax, dword ptr fs:[00000030h] | 14_2_04639240 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639240 mov eax, dword ptr fs:[00000030h] | 14_2_04639240 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639240 mov eax, dword ptr fs:[00000030h] | 14_2_04639240 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04639240 mov eax, dword ptr fs:[00000030h] | 14_2_04639240 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FEA55 mov eax, dword ptr fs:[00000030h] | 14_2_046FEA55 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046C4257 mov eax, dword ptr fs:[00000030h] | 14_2_046C4257 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04674A2C mov eax, dword ptr fs:[00000030h] | 14_2_04674A2C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04674A2C mov eax, dword ptr fs:[00000030h] | 14_2_04674A2C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04648A0A mov eax, dword ptr fs:[00000030h] | 14_2_04648A0A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04635210 mov eax, dword ptr fs:[00000030h] | 14_2_04635210 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04635210 mov ecx, dword ptr fs:[00000030h] | 14_2_04635210 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04635210 mov eax, dword ptr fs:[00000030h] | 14_2_04635210 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04635210 mov eax, dword ptr fs:[00000030h] | 14_2_04635210 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463AA16 mov eax, dword ptr fs:[00000030h] | 14_2_0463AA16 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463AA16 mov eax, dword ptr fs:[00000030h] | 14_2_0463AA16 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04653A1C mov eax, dword ptr fs:[00000030h] | 14_2_04653A1C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FAA16 mov eax, dword ptr fs:[00000030h] | 14_2_046FAA16 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046FAA16 mov eax, dword ptr fs:[00000030h] | 14_2_046FAA16 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662AE4 mov eax, dword ptr fs:[00000030h] | 14_2_04662AE4 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662ACB mov eax, dword ptr fs:[00000030h] | 14_2_04662ACB |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h] | 14_2_046352A5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h] | 14_2_046352A5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h] | 14_2_046352A5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h] | 14_2_046352A5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h] | 14_2_046352A5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464AAB0 mov eax, dword ptr fs:[00000030h] | 14_2_0464AAB0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0464AAB0 mov eax, dword ptr fs:[00000030h] | 14_2_0464AAB0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466FAB0 mov eax, dword ptr fs:[00000030h] | 14_2_0466FAB0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466D294 mov eax, dword ptr fs:[00000030h] | 14_2_0466D294 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466D294 mov eax, dword ptr fs:[00000030h] | 14_2_0466D294 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463DB60 mov ecx, dword ptr fs:[00000030h] | 14_2_0463DB60 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04663B7A mov eax, dword ptr fs:[00000030h] | 14_2_04663B7A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04663B7A mov eax, dword ptr fs:[00000030h] | 14_2_04663B7A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463DB40 mov eax, dword ptr fs:[00000030h] | 14_2_0463DB40 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04708B58 mov eax, dword ptr fs:[00000030h] | 14_2_04708B58 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0463F358 mov eax, dword ptr fs:[00000030h] | 14_2_0463F358 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F131B mov eax, dword ptr fs:[00000030h] | 14_2_046F131B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h] | 14_2_046603E2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0465DBE9 mov eax, dword ptr fs:[00000030h] | 14_2_0465DBE9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B53CA mov eax, dword ptr fs:[00000030h] | 14_2_046B53CA |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046B53CA mov eax, dword ptr fs:[00000030h] | 14_2_046B53CA |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664BAD mov eax, dword ptr fs:[00000030h] | 14_2_04664BAD |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664BAD mov eax, dword ptr fs:[00000030h] | 14_2_04664BAD |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04664BAD mov eax, dword ptr fs:[00000030h] | 14_2_04664BAD |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04705BA5 mov eax, dword ptr fs:[00000030h] | 14_2_04705BA5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046F138A mov eax, dword ptr fs:[00000030h] | 14_2_046F138A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04641B8F mov eax, dword ptr fs:[00000030h] | 14_2_04641B8F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04641B8F mov eax, dword ptr fs:[00000030h] | 14_2_04641B8F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_046ED380 mov ecx, dword ptr fs:[00000030h] | 14_2_046ED380 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04662397 mov eax, dword ptr fs:[00000030h] | 14_2_04662397 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_0466B390 mov eax, dword ptr fs:[00000030h] | 14_2_0466B390 |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Users\user\Desktop\RFQ.exe VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\RFQ.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Play interactive tour
Edit tour
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node