Source: explorer.exe, 00000011.00000000.834267617.00000000008F7000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: 52h0KETBXt.exe, 00000001.00000003.659840508.0000000005845000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.659900419.0000000005845000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.659871289.0000000005846000.00000004.00000001.sdmp | String found in binary or memory: http://en.w |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com |
Source: 52h0KETBXt.exe, 00000001.00000003.661359025.0000000005847000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.664631137.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.662971751.0000000005845000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: 52h0KETBXt.exe, 00000001.00000003.661509000.0000000005846000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: 52h0KETBXt.exe, 00000001.00000003.661509000.0000000005846000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.como.? |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: 52h0KETBXt.exe, 00000001.00000003.665154267.000000000587D000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/ |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: 52h0KETBXt.exe, 00000001.00000003.666226019.000000000587D000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlP& |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: 52h0KETBXt.exe, 00000001.00000002.681883527.0000000000E47000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.coma |
Source: 52h0KETBXt.exe, 00000001.00000002.681883527.0000000000E47000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.comiona |
Source: 52h0KETBXt.exe, 00000001.00000002.681883527.0000000000E47000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.coml1 |
Source: 52h0KETBXt.exe, 00000001.00000002.681883527.0000000000E47000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.comm |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fonts.com |
Source: 52h0KETBXt.exe, 00000001.00000003.661359025.0000000005847000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: 52h0KETBXt.exe, 00000001.00000003.661509000.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661311624.0000000005847000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661448122.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661191274.0000000005844000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661260196.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661386367.0000000005847000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661212364.0000000005844000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661359025.0000000005847000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnK |
Source: 52h0KETBXt.exe, 00000001.00000003.661509000.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661311624.0000000005847000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661448122.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661191274.0000000005844000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661260196.0000000005846000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661386367.0000000005847000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661212364.0000000005844000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.661359025.0000000005847000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cni |
Source: 52h0KETBXt.exe, 00000001.00000003.668720087.0000000005875000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.668794708.0000000005875000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/1 |
Source: 52h0KETBXt.exe, 00000001.00000003.668720087.0000000005875000.00000004.00000001.sdmp, 52h0KETBXt.exe, 00000001.00000003.668794708.0000000005875000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/; |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netD |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: 52h0KETBXt.exe, 00000001.00000002.683532411.0000000006A52000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: 52h0KETBXt.exe, 00000001.00000003.661448122.0000000005846000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cno. |
Source: 2.0.52h0KETBXt.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.52h0KETBXt.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.52h0KETBXt.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.52h0KETBXt.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.52h0KETBXt.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.52h0KETBXt.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.52h0KETBXt.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.52h0KETBXt.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.52h0KETBXt.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.52h0KETBXt.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.52h0KETBXt.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.52h0KETBXt.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.52h0KETBXt.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.52h0KETBXt.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000000.679463516.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000000.679463516.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000002.929865713.0000000000470000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.929865713.0000000000470000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.740647599.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.740647599.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.741087450.0000000000A30000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.741087450.0000000000A30000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000003.00000000.713850034.000000000DAB7000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000003.00000000.713850034.000000000DAB7000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000000.679919351.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000000.679919351.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.741186169.0000000000E60000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.741186169.0000000000E60000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000003.00000000.729857444.000000000DAB7000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000003.00000000.729857444.000000000DAB7000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000002.932677156.0000000002840000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.932677156.0000000002840000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000002.932951022.0000000002940000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.932951022.0000000002940000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.682477718.00000000038F9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000001.00000002.682477718.00000000038F9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Code function: 2_2_0041A370 NtCreateFile, |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Code function: 2_2_0041A420 NtReadFile, |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Code function: 2_2_0041A4A0 NtClose, |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Code function: 2_2_0041A550 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Code function: 2_2_0041A41A NtReadFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9540 NtReadFile,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C95D0 NtClose,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9650 NtQueryValueKey,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C96D0 NtCreateKey,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9710 NtQueryInformationToken,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9FE0 NtCreateMutant,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9780 NtMapViewOfSection,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9860 NtQuerySystemInformation,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9840 NtDelayExecution,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C99A0 NtCreateSection,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9A50 NtCreateFile,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9560 NtWriteFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047CAD30 NtSetContextThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9520 NtWaitForSingleObject, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C95F0 NtQueryInformationFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9670 NtQueryInformationProcess, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9610 NtEnumerateValueKey, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047CA770 NtOpenThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9770 NtSetInformationFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9760 NtOpenProcess, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9730 NtQueryVirtualMemory, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047CA710 NtOpenProcessToken, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C97A0 NtUnmapViewOfSection, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047CB040 NtSuspendThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9820 NtEnumerateKey, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C98F0 NtReadVirtualMemory, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C98A0 NtWriteVirtualMemory, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9950 NtQueueApcThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C99D0 NtCreateProcessEx, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9A20 NtResumeThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9A10 NtQuerySection, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9A00 NtProtectVirtualMemory, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9A80 NtOpenDirectoryObject, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C9B00 NtSetValueKey, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047CA3B0 NtGetContextThread, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0295A370 NtCreateFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0295A4A0 NtClose, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0295A420 NtReadFile, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0295A550 NtAllocateVirtualMemory, |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0295A41A NtReadFile, |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\systray.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: explorer.exe, 00000011.00000003.832133080.00000000043CA000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
Source: explorer.exe, 00000011.00000003.876255460.000000000E661000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}t |
Source: explorer.exe, 00000011.00000003.863792121.000000000E65F000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}u |
Source: explorer.exe, 00000011.00000003.838450298.00000000044A3000.00000004.00000001.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D: |
Source: 52h0KETBXt.exe, 00000001.00000002.682235184.0000000002994000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: explorer.exe, 00000011.00000003.876255460.000000000E661000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000000.845019433.00000000048EB000.00000004.00000001.sdmp | Binary or memory string: War&Prod_VMware_SATA. |
Source: explorer.exe, 00000011.00000003.863792121.000000000E65F000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i |
Source: explorer.exe, 00000011.00000003.876255460.000000000E661000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}j |
Source: explorer.exe, 00000011.00000003.879250606.000000000E65F000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}k |
Source: explorer.exe, 00000003.00000000.710637920.000000000A60E000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000003.842103160.000000000445D000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B0 |
Source: explorer.exe, 00000011.00000003.863342536.00000000044BC000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000Exl |
Source: explorer.exe, 00000003.00000000.721575599.0000000004710000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm |
Source: explorer.exe, 00000003.00000000.727837702.000000000A716000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/ |
Source: explorer.exe, 00000011.00000003.844426612.000000000E3C7000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}21-3853321935-2125563209-40B2332-1002_Classes\Interface\{3f89d935-d9cb-4538-a0f0-ffe7659938f8}\ProxyStubClsid32 |
Source: explorer.exe, 00000003.00000000.727919641.000000000A784000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@ |
Source: explorer.exe, 00000011.00000003.869641661.0000000005DA7000.00000004.00000001.sdmp | Binary or memory string: Prod_VMware_SATA[ |
Source: explorer.exe, 00000011.00000000.839276088.00000000043D3000.00000004.00000001.sdmp | Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b} |
Source: explorer.exe, 00000011.00000000.839741217.00000000044AB000.00000004.00000001.sdmp | Binary or memory string: War&Prod_VMware_ |
Source: explorer.exe, 00000011.00000003.839286095.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\8fb |
Source: explorer.exe, 00000011.00000000.847178302.0000000005D8C000.00000004.00000001.sdmp | Binary or memory string: 6e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA[ |
Source: 52h0KETBXt.exe, 00000001.00000002.682235184.0000000002994000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: explorer.exe, 00000011.00000003.832056182.00000000042FC000.00000004.00000001.sdmp | Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
Source: explorer.exe, 00000011.00000000.844218577.0000000004850000.00000004.00000001.sdmp | Binary or memory string: Prod_VMware_SATA% |
Source: explorer.exe, 00000011.00000000.839663386.000000000448B000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD00 |
Source: explorer.exe, 00000011.00000003.839286095.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000003.861456572.000000000E65F000.00000004.00000001.sdmp | Binary or memory string: \?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000003.841578981.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}}Y |
Source: explorer.exe, 00000011.00000003.832056182.00000000042FC000.00000004.00000001.sdmp | Binary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000 |
Source: explorer.exe, 00000011.00000000.839741217.00000000044AB000.00000004.00000001.sdmp | Binary or memory string: War&Prod_VMware_@HK |
Source: explorer.exe, 00000011.00000000.845019433.00000000048EB000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000lZ |
Source: explorer.exe, 00000011.00000000.837922098.00000000041E0000.00000004.00000001.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}4 |
Source: 52h0KETBXt.exe, 00000001.00000002.682235184.0000000002994000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath " |
Source: explorer.exe, 00000011.00000003.842427446.00000000044A3000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2 |
Source: explorer.exe, 00000011.00000000.839388539.00000000043E7000.00000004.00000001.sdmp | Binary or memory string: NECVMWarVMware SATA CD001.00 |
Source: explorer.exe, 00000011.00000003.841578981.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}h |
Source: explorer.exe, 00000011.00000003.842427446.00000000044A3000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/ |
Source: explorer.exe, 00000011.00000003.839286095.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: explorer.exe, 00000011.00000003.851234330.000000000E3C2000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
Source: explorer.exe, 00000011.00000003.865058659.000000000E613000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647& |
Source: explorer.exe, 00000011.00000003.842103160.000000000445D000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B_ |
Source: 52h0KETBXt.exe, 00000001.00000002.682235184.0000000002994000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: explorer.exe, 00000011.00000003.841578981.0000000004385000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000003.876255460.000000000E661000.00000004.00000001.sdmp | Binary or memory string: \?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i |
Source: explorer.exe, 00000003.00000000.689881285.0000000006650000.00000004.00000001.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000011.00000000.846057040.0000000005C30000.00000004.00000001.sdmp | Binary or memory string: _VMware_SATA_CD00#5& |
Source: explorer.exe, 00000011.00000000.839550337.000000000441D000.00000004.00000001.sdmp | Binary or memory string: 9Tm\Device\HarddiskVolume2\??\Volume{ef47ea26-ec76-4a6e-8680-9e53b539546d}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D: |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A746D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA44B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858CD6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BBC2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048414FB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0485740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0485740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0485740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481C450 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481C450 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479849B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AC577 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AC577 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048505AC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048505AC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A7D50 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C3D43 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478AD30 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04806DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04793D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04838DF1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479D5E0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479D5E0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0480A537 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484E539 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04803540 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B35A1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BFD9B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BFD9B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04782D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04782D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04782D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04782D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04782D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481FE87 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479766D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04850EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04850EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04850EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048046A7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04797E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0483FEC0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858ED6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478E620 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA61C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA61C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478C600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478C600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478C600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B8E00 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04841608 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B16E0 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047976E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B36CC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C8EC7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0483FE3F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484AE44 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484AE44 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479FF60 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479EF40 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BE730 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04784F2E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04784F2E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AF716 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA70E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA70E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0485070D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0485070D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C37F5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481FF10 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481FF10 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04798794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858F6A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04803884 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04803884 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A0050 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A0050 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0481B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479B02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479B02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479B02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479B02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04854015 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04854015 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047858EC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04807016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047840E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047840E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047840E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BF0BF mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BF0BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BF0BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C90AF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04851074 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04842073 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789080 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478B171 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478B171 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478C962 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048069A6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AB944 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AB944 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048051BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048051BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048051BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048051BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B513A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B513A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A4120 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048141E8 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478B1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478B1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478B1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B61A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B61A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2990 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047AC182 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BA185 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C927A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04789240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C4A2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047C4A2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047A3A1C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04785210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04785210 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04785210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04785210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04798A0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2AE4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2ACB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479AAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0479AAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BFAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484EA55 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04814257 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047852A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047852A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047852A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047852A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047852A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0483B260 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0483B260 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858A62 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BD294 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BD294 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B3B7A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B3B7A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0483D380 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484138A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478DB60 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04855BA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478F358 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0478DB40 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048053CA mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_048053CA mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047ADBE9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_0484131B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04858B58 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047BB390 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_047B2397 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04791B8F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 7_2_04791B8F mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Users\user\Desktop\52h0KETBXt.exe VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Users\user\Desktop\52h0KETBXt.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |