| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419D60 NtCreateFile, | 7_2_00419D60 |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419E10 NtReadFile, | 7_2_00419E10 |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419E90 NtClose, | 7_2_00419E90 |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419F40 NtAllocateVirtualMemory, | 7_2_00419F40 |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419D5A NtCreateFile, | 7_2_00419D5A |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Code function: 7_2_00419E0A NtReadFile, | 7_2_00419E0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D696D0 NtCreateKey,LdrInitializeThunk, | 13_2_02D696D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D696E0 NtFreeVirtualMemory,LdrInitializeThunk, | 13_2_02D696E0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69650 NtQueryValueKey,LdrInitializeThunk, | 13_2_02D69650 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69A50 NtCreateFile,LdrInitializeThunk, | 13_2_02D69A50 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69660 NtAllocateVirtualMemory,LdrInitializeThunk, | 13_2_02D69660 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69FE0 NtCreateMutant,LdrInitializeThunk, | 13_2_02D69FE0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69780 NtMapViewOfSection,LdrInitializeThunk, | 13_2_02D69780 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69710 NtQueryInformationToken,LdrInitializeThunk, | 13_2_02D69710 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69840 NtDelayExecution,LdrInitializeThunk, | 13_2_02D69840 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69860 NtQuerySystemInformation,LdrInitializeThunk, | 13_2_02D69860 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D695D0 NtClose,LdrInitializeThunk, | 13_2_02D695D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D699A0 NtCreateSection,LdrInitializeThunk, | 13_2_02D699A0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69540 NtReadFile,LdrInitializeThunk, | 13_2_02D69540 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 13_2_02D69910 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69A80 NtOpenDirectoryObject, | 13_2_02D69A80 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69670 NtQueryInformationProcess, | 13_2_02D69670 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69610 NtEnumerateValueKey, | 13_2_02D69610 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69A10 NtQuerySection, | 13_2_02D69A10 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69A00 NtProtectVirtualMemory, | 13_2_02D69A00 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69A20 NtResumeThread, | 13_2_02D69A20 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6A3B0 NtGetContextThread, | 13_2_02D6A3B0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D697A0 NtUnmapViewOfSection, | 13_2_02D697A0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69770 NtSetInformationFile, | 13_2_02D69770 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6A770 NtOpenThread, | 13_2_02D6A770 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69760 NtOpenProcess, | 13_2_02D69760 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6A710 NtOpenProcessToken, | 13_2_02D6A710 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69B00 NtSetValueKey, | 13_2_02D69B00 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69730 NtQueryVirtualMemory, | 13_2_02D69730 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D698F0 NtReadVirtualMemory, | 13_2_02D698F0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D698A0 NtWriteVirtualMemory, | 13_2_02D698A0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6B040 NtSuspendThread, | 13_2_02D6B040 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69820 NtEnumerateKey, | 13_2_02D69820 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D699D0 NtCreateProcessEx, | 13_2_02D699D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D695F0 NtQueryInformationFile, | 13_2_02D695F0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69950 NtQueueApcThread, | 13_2_02D69950 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69560 NtWriteFile, | 13_2_02D69560 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6AD30 NtSetContextThread, | 13_2_02D6AD30 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D69520 NtWaitForSingleObject, | 13_2_02D69520 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9E90 NtClose, | 13_2_028A9E90 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9E10 NtReadFile, | 13_2_028A9E10 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9F40 NtAllocateVirtualMemory, | 13_2_028A9F40 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9D60 NtCreateFile, | 13_2_028A9D60 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9E0A NtReadFile, | 13_2_028A9E0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_028A9D5A NtCreateFile, | 13_2_028A9D5A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8ED6 mov eax, dword ptr fs:[00000030h] | 13_2_02DF8ED6 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D68EC7 mov eax, dword ptr fs:[00000030h] | 13_2_02D68EC7 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D536CC mov eax, dword ptr fs:[00000030h] | 13_2_02D536CC |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DDFEC0 mov eax, dword ptr fs:[00000030h] | 13_2_02DDFEC0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D376E2 mov eax, dword ptr fs:[00000030h] | 13_2_02D376E2 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D516E0 mov ecx, dword ptr fs:[00000030h] | 13_2_02D516E0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5D294 mov eax, dword ptr fs:[00000030h] | 13_2_02D5D294 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5D294 mov eax, dword ptr fs:[00000030h] | 13_2_02D5D294 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBFE87 mov eax, dword ptr fs:[00000030h] | 13_2_02DBFE87 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3AAB0 mov eax, dword ptr fs:[00000030h] | 13_2_02D3AAB0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3AAB0 mov eax, dword ptr fs:[00000030h] | 13_2_02D3AAB0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5FAB0 mov eax, dword ptr fs:[00000030h] | 13_2_02D5FAB0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D252A5 mov eax, dword ptr fs:[00000030h] | 13_2_02D252A5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D252A5 mov eax, dword ptr fs:[00000030h] | 13_2_02D252A5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D252A5 mov eax, dword ptr fs:[00000030h] | 13_2_02D252A5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D252A5 mov eax, dword ptr fs:[00000030h] | 13_2_02D252A5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D252A5 mov eax, dword ptr fs:[00000030h] | 13_2_02D252A5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF0EA5 mov eax, dword ptr fs:[00000030h] | 13_2_02DF0EA5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF0EA5 mov eax, dword ptr fs:[00000030h] | 13_2_02DF0EA5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF0EA5 mov eax, dword ptr fs:[00000030h] | 13_2_02DF0EA5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA46A7 mov eax, dword ptr fs:[00000030h] | 13_2_02DA46A7 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DB4257 mov eax, dword ptr fs:[00000030h] | 13_2_02DB4257 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29240 mov eax, dword ptr fs:[00000030h] | 13_2_02D29240 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29240 mov eax, dword ptr fs:[00000030h] | 13_2_02D29240 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29240 mov eax, dword ptr fs:[00000030h] | 13_2_02D29240 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29240 mov eax, dword ptr fs:[00000030h] | 13_2_02D29240 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D37E41 mov eax, dword ptr fs:[00000030h] | 13_2_02D37E41 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4AE73 mov eax, dword ptr fs:[00000030h] | 13_2_02D4AE73 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4AE73 mov eax, dword ptr fs:[00000030h] | 13_2_02D4AE73 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4AE73 mov eax, dword ptr fs:[00000030h] | 13_2_02D4AE73 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4AE73 mov eax, dword ptr fs:[00000030h] | 13_2_02D4AE73 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4AE73 mov eax, dword ptr fs:[00000030h] | 13_2_02D4AE73 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D6927A mov eax, dword ptr fs:[00000030h] | 13_2_02D6927A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DDB260 mov eax, dword ptr fs:[00000030h] | 13_2_02DDB260 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DDB260 mov eax, dword ptr fs:[00000030h] | 13_2_02DDB260 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8A62 mov eax, dword ptr fs:[00000030h] | 13_2_02DF8A62 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3766D mov eax, dword ptr fs:[00000030h] | 13_2_02D3766D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D43A1C mov eax, dword ptr fs:[00000030h] | 13_2_02D43A1C |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2C600 mov eax, dword ptr fs:[00000030h] | 13_2_02D2C600 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2C600 mov eax, dword ptr fs:[00000030h] | 13_2_02D2C600 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2C600 mov eax, dword ptr fs:[00000030h] | 13_2_02D2C600 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DDFE3F mov eax, dword ptr fs:[00000030h] | 13_2_02DDFE3F |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2E620 mov eax, dword ptr fs:[00000030h] | 13_2_02D2E620 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D637F5 mov eax, dword ptr fs:[00000030h] | 13_2_02D637F5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5B390 mov eax, dword ptr fs:[00000030h] | 13_2_02D5B390 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7794 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7794 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7794 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7794 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7794 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7794 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE138A mov eax, dword ptr fs:[00000030h] | 13_2_02DE138A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D31B8F mov eax, dword ptr fs:[00000030h] | 13_2_02D31B8F |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D31B8F mov eax, dword ptr fs:[00000030h] | 13_2_02D31B8F |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DDD380 mov ecx, dword ptr fs:[00000030h] | 13_2_02DDD380 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF5BA5 mov eax, dword ptr fs:[00000030h] | 13_2_02DF5BA5 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8B58 mov eax, dword ptr fs:[00000030h] | 13_2_02DF8B58 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2F358 mov eax, dword ptr fs:[00000030h] | 13_2_02D2F358 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2DB40 mov eax, dword ptr fs:[00000030h] | 13_2_02D2DB40 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3EF40 mov eax, dword ptr fs:[00000030h] | 13_2_02D3EF40 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D53B7A mov eax, dword ptr fs:[00000030h] | 13_2_02D53B7A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D53B7A mov eax, dword ptr fs:[00000030h] | 13_2_02D53B7A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2DB60 mov ecx, dword ptr fs:[00000030h] | 13_2_02D2DB60 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3FF60 mov eax, dword ptr fs:[00000030h] | 13_2_02D3FF60 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8F6A mov eax, dword ptr fs:[00000030h] | 13_2_02DF8F6A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE131B mov eax, dword ptr fs:[00000030h] | 13_2_02DE131B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBFF10 mov eax, dword ptr fs:[00000030h] | 13_2_02DBFF10 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBFF10 mov eax, dword ptr fs:[00000030h] | 13_2_02DBFF10 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF070D mov eax, dword ptr fs:[00000030h] | 13_2_02DF070D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF070D mov eax, dword ptr fs:[00000030h] | 13_2_02DF070D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5E730 mov eax, dword ptr fs:[00000030h] | 13_2_02D5E730 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D24F2E mov eax, dword ptr fs:[00000030h] | 13_2_02D24F2E |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D24F2E mov eax, dword ptr fs:[00000030h] | 13_2_02D24F2E |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8CD6 mov eax, dword ptr fs:[00000030h] | 13_2_02DF8CD6 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov eax, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov ecx, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov eax, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov eax, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov eax, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBB8D0 mov eax, dword ptr fs:[00000030h] | 13_2_02DBB8D0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE14FB mov eax, dword ptr fs:[00000030h] | 13_2_02DE14FB |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6CF0 mov eax, dword ptr fs:[00000030h] | 13_2_02DA6CF0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6CF0 mov eax, dword ptr fs:[00000030h] | 13_2_02DA6CF0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6CF0 mov eax, dword ptr fs:[00000030h] | 13_2_02DA6CF0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29080 mov eax, dword ptr fs:[00000030h] | 13_2_02D29080 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA3884 mov eax, dword ptr fs:[00000030h] | 13_2_02DA3884 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA3884 mov eax, dword ptr fs:[00000030h] | 13_2_02DA3884 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5F0BF mov ecx, dword ptr fs:[00000030h] | 13_2_02D5F0BF |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5F0BF mov eax, dword ptr fs:[00000030h] | 13_2_02D5F0BF |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5F0BF mov eax, dword ptr fs:[00000030h] | 13_2_02D5F0BF |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D690AF mov eax, dword ptr fs:[00000030h] | 13_2_02D690AF |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D40050 mov eax, dword ptr fs:[00000030h] | 13_2_02D40050 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D40050 mov eax, dword ptr fs:[00000030h] | 13_2_02D40050 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBC450 mov eax, dword ptr fs:[00000030h] | 13_2_02DBC450 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DBC450 mov eax, dword ptr fs:[00000030h] | 13_2_02DBC450 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF1074 mov eax, dword ptr fs:[00000030h] | 13_2_02DF1074 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE2073 mov eax, dword ptr fs:[00000030h] | 13_2_02DE2073 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4746D mov eax, dword ptr fs:[00000030h] | 13_2_02D4746D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF4015 mov eax, dword ptr fs:[00000030h] | 13_2_02DF4015 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF4015 mov eax, dword ptr fs:[00000030h] | 13_2_02DF4015 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7016 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7016 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7016 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7016 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA7016 mov eax, dword ptr fs:[00000030h] | 13_2_02DA7016 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6C0A mov eax, dword ptr fs:[00000030h] | 13_2_02DA6C0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6C0A mov eax, dword ptr fs:[00000030h] | 13_2_02DA6C0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6C0A mov eax, dword ptr fs:[00000030h] | 13_2_02DA6C0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA6C0A mov eax, dword ptr fs:[00000030h] | 13_2_02DA6C0A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF740D mov eax, dword ptr fs:[00000030h] | 13_2_02DF740D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF740D mov eax, dword ptr fs:[00000030h] | 13_2_02DF740D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF740D mov eax, dword ptr fs:[00000030h] | 13_2_02DF740D |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DE1C06 mov eax, dword ptr fs:[00000030h] | 13_2_02DE1C06 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3B02A mov eax, dword ptr fs:[00000030h] | 13_2_02D3B02A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3B02A mov eax, dword ptr fs:[00000030h] | 13_2_02D3B02A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3B02A mov eax, dword ptr fs:[00000030h] | 13_2_02D3B02A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3B02A mov eax, dword ptr fs:[00000030h] | 13_2_02D3B02A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5BC2C mov eax, dword ptr fs:[00000030h] | 13_2_02D5BC2C |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DD8DF1 mov eax, dword ptr fs:[00000030h] | 13_2_02DD8DF1 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2B1E1 mov eax, dword ptr fs:[00000030h] | 13_2_02D2B1E1 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2B1E1 mov eax, dword ptr fs:[00000030h] | 13_2_02D2B1E1 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2B1E1 mov eax, dword ptr fs:[00000030h] | 13_2_02D2B1E1 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DB41E8 mov eax, dword ptr fs:[00000030h] | 13_2_02DB41E8 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3D5E0 mov eax, dword ptr fs:[00000030h] | 13_2_02D3D5E0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D3D5E0 mov eax, dword ptr fs:[00000030h] | 13_2_02D3D5E0 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5FD9B mov eax, dword ptr fs:[00000030h] | 13_2_02D5FD9B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5FD9B mov eax, dword ptr fs:[00000030h] | 13_2_02D5FD9B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5A185 mov eax, dword ptr fs:[00000030h] | 13_2_02D5A185 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4C182 mov eax, dword ptr fs:[00000030h] | 13_2_02D4C182 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D22D8A mov eax, dword ptr fs:[00000030h] | 13_2_02D22D8A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D22D8A mov eax, dword ptr fs:[00000030h] | 13_2_02D22D8A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D22D8A mov eax, dword ptr fs:[00000030h] | 13_2_02D22D8A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D22D8A mov eax, dword ptr fs:[00000030h] | 13_2_02D22D8A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D22D8A mov eax, dword ptr fs:[00000030h] | 13_2_02D22D8A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D535A1 mov eax, dword ptr fs:[00000030h] | 13_2_02D535A1 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D47D50 mov eax, dword ptr fs:[00000030h] | 13_2_02D47D50 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4B944 mov eax, dword ptr fs:[00000030h] | 13_2_02D4B944 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4B944 mov eax, dword ptr fs:[00000030h] | 13_2_02D4B944 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D63D43 mov eax, dword ptr fs:[00000030h] | 13_2_02D63D43 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DA3540 mov eax, dword ptr fs:[00000030h] | 13_2_02DA3540 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2B171 mov eax, dword ptr fs:[00000030h] | 13_2_02D2B171 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2B171 mov eax, dword ptr fs:[00000030h] | 13_2_02D2B171 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4C577 mov eax, dword ptr fs:[00000030h] | 13_2_02D4C577 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D4C577 mov eax, dword ptr fs:[00000030h] | 13_2_02D4C577 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2C962 mov eax, dword ptr fs:[00000030h] | 13_2_02D2C962 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29100 mov eax, dword ptr fs:[00000030h] | 13_2_02D29100 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29100 mov eax, dword ptr fs:[00000030h] | 13_2_02D29100 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D29100 mov eax, dword ptr fs:[00000030h] | 13_2_02D29100 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D2AD30 mov eax, dword ptr fs:[00000030h] | 13_2_02D2AD30 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D33D34 mov eax, dword ptr fs:[00000030h] | 13_2_02D33D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DF8D34 mov eax, dword ptr fs:[00000030h] | 13_2_02DF8D34 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02DAA537 mov eax, dword ptr fs:[00000030h] | 13_2_02DAA537 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D54D3B mov eax, dword ptr fs:[00000030h] | 13_2_02D54D3B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D54D3B mov eax, dword ptr fs:[00000030h] | 13_2_02D54D3B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D54D3B mov eax, dword ptr fs:[00000030h] | 13_2_02D54D3B |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5513A mov eax, dword ptr fs:[00000030h] | 13_2_02D5513A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D5513A mov eax, dword ptr fs:[00000030h] | 13_2_02D5513A |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D44120 mov eax, dword ptr fs:[00000030h] | 13_2_02D44120 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D44120 mov eax, dword ptr fs:[00000030h] | 13_2_02D44120 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D44120 mov eax, dword ptr fs:[00000030h] | 13_2_02D44120 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D44120 mov eax, dword ptr fs:[00000030h] | 13_2_02D44120 |
| Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 13_2_02D44120 mov ecx, dword ptr fs:[00000030h] | 13_2_02D44120 |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Users\user\Desktop\6KdTCZit4e.exe VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\6KdTCZit4e.exe | Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation | Jump to behavior |
Play interactive tour
Edit tour
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node