Source: Yara match |
File source: 5.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.BmFKvDpmPT.exe.387af58.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.BmFKvDpmPT.exe.3848338.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.BmFKvDpmPT.exe.387af58.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.BmFKvDpmPT.exe.3848338.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000005.00000002.566000035.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000000.319761146.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000000.319251855.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000000.320809226.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.333190645.0000000003769000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000000.320304519.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: BmFKvDpmPT.exe PID: 6756, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: RegSvcs.exe PID: 6996, type: MEMORYSTR |
Source: RegSvcs.exe, 00000005.00000002.566607418.0000000000D1D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.microsoft.co |
Source: BmFKvDpmPT.exe, 00000000.00000003.295338346.00000000055B6000.00000004.00000001.sdmp |
String found in binary or memory: http://en.w |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://fontfabrik.com |
Source: RegSvcs.exe, 00000005.00000002.567708618.00000000029E3000.00000004.00000001.sdmp |
String found in binary or memory: http://google.com |
Source: BmFKvDpmPT.exe, 00000000.00000002.325875243.0000000002761000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000002.329114448.0000000002882000.00000004.00000001.sdmp, RegSvcs.exe, 00000005.00000002.567622744.0000000002971000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.296862922.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.296899685.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.300560386.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: BmFKvDpmPT.exe, 00000000.00000003.304399990.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/ |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: BmFKvDpmPT.exe, 00000000.00000003.300560386.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: BmFKvDpmPT.exe, 00000000.00000003.300560386.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlp |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: BmFKvDpmPT.exe, 00000000.00000003.300483710.00000000055BC000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.300560386.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comI.TTF |
Source: BmFKvDpmPT.exe, 00000000.00000003.302179789.00000000055BC000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.302070147.00000000055BC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comM.TTF |
Source: BmFKvDpmPT.exe, 00000000.00000003.304753590.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.304399990.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.304677782.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.coma |
Source: BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.301188185.00000000055BC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comalic |
Source: BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.301188185.00000000055BC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comals |
Source: BmFKvDpmPT.exe, 00000000.00000003.300483710.00000000055BC000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.300560386.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comd |
Source: BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.301188185.00000000055BC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comdF |
Source: BmFKvDpmPT.exe, 00000000.00000003.304753590.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000002.334933180.00000000055B0000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.304677782.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.come.com |
Source: BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.301188185.00000000055BC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.coml: |
Source: BmFKvDpmPT.exe, 00000000.00000003.301350788.00000000055BE000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comony-u |
Source: BmFKvDpmPT.exe, 00000000.00000003.304753590.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.304399990.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.304677782.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.comueu |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: BmFKvDpmPT.exe, 00000000.00000003.296479166.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.296378203.00000000055B7000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.296427503.00000000055B8000.00000004.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: BmFKvDpmPT.exe, 00000000.00000003.296378203.00000000055B7000.00000004.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn6 |
Source: BmFKvDpmPT.exe, 00000000.00000003.296427503.00000000055B8000.00000004.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cnn-u |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000002.334992709.00000000067C2000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.297391712.00000000055BB000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: BmFKvDpmPT.exe, 00000000.00000003.297391712.00000000055BB000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp//typ |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/3 |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/T |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0li |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/ |
Source: BmFKvDpmPT.exe, 00000000.00000003.297924832.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.298020406.00000000055BD000.00000004.00000001.sdmp, BmFKvDpmPT.exe, 00000000.00000003.297391712.00000000055BB000.00000004.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/nl |