Windows Analysis Report
MD5 & SHA Checksum Utility.exe

Overview

General Information

Sample Name: MD5 & SHA Checksum Utility.exe
Analysis ID: 635353
MD5: 88a40aa4a04f9391336e7db258a3b16c
SHA1: e0182fde50ebfbeab249dd7c4519ffda1fc9e0f5
SHA256: 1dcbf036ef010c301f24bd54cb03ecb15346edefdc0eb3f765aa348422fe5f3b
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Program does not show much activity (idle)
Detected potential crypto function

Classification

Uses 32bit PE files
Source: MD5 & SHA Checksum Utility.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll Jump to behavior
Source: MD5 & SHA Checksum Utility.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.272777292.000000001C168000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272938164.000000001C169000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.267674688.000000001C154000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272927142.000000001C169000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://en.w
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: MD5 & SHA Checksum Utility.exe String found in binary or memory: http://raylin.wordpress.com
Source: MD5 & SHA Checksum Utility.exe String found in binary or memory: http://raylin.wordpress.com/donate/
Source: MD5 & SHA Checksum Utility.exe String found in binary or memory: http://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.274077247.000000001C154000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.272194950.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272379429.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272478884.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272286427.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.272379429.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.272286427.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comD
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275250508.000000001C158000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.276324149.000000001C15D000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275353411.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275640604.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275149311.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278180953.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.276139153.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275988193.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275369939.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275337462.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275149311.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275369939.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275337462.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.278233734.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278180953.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersP
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.526737986.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278233734.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.279463796.000000001C169000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278180953.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersiv
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.278233734.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278180953.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersoi
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275674496.000000001C157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comF
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.276324149.000000001C15D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comH
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.278233734.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.278180953.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comlic
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275149311.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comva
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.275369939.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comx
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.270750257.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.270678522.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.270613242.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.270774497.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.270678522.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.270613242.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnm
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.270678522.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnom
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273464161.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273485035.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273515915.000000001C169000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273680651.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273621567.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273369750.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273369750.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp//F
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273464161.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273485035.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273369750.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273680651.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273621567.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/F/
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/P
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273621567.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0TC
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273464161.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273485035.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273515915.000000001C169000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273621567.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273369750.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/a%
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273680651.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/h
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273464161.000000001C167000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273485035.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273515915.000000001C169000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273621567.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273680651.000000001C16A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/a%
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273840514.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/h
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.267404201.000000001C16C000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.267397562.000000001C157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.267397562.000000001C157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com(N
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.267397562.000000001C157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.comL2
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.267397562.000000001C157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com_2(
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.267404201.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.comar
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.267404201.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.comlar
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.273989910.000000001C15D000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.274077247.000000001C154000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.comn
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.269906441.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.269688165.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kral
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.269906441.000000001C167000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.krh
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.269688165.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.krim
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.268338463.000000001C16C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.typography.net
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.272038725.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn.cn
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000003.272038725.000000001C16B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cno.
Uses 32bit PE files
Source: MD5 & SHA Checksum Utility.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Sample file is different than original file name gathered from version info
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.524959349.000000000114A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemscorwks.dllT vs MD5 & SHA Checksum Utility.exe
Detected potential crypto function
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Code function: 0_2_00007FFC010915D6 0_2_00007FFC010915D6
Source: MD5 & SHA Checksum Utility.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: MD5 & SHA Checksum Utility.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp Jump to behavior
Source: classification engine Classification label: clean2.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll Jump to behavior
Source: MD5 & SHA Checksum Utility.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll Jump to behavior
Source: MD5 & SHA Checksum Utility.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 635353 Sample: MD5 & SHA Checksum Utility.exe Startdate: 27/05/2022 Architecture: WINDOWS Score: 2 4 MD5 & SHA Checksum Utility.exe 2 2->4         started       
No contacted IP infos