Windows Analysis Report
MD5 & SHA Checksum Utility.exe

Overview

General Information

Sample Name: MD5 & SHA Checksum Utility.exe
Analysis ID: 635353
MD5: 88a40aa4a04f9391336e7db258a3b16c
SHA1: e0182fde50ebfbeab249dd7c4519ffda1fc9e0f5
SHA256: 1dcbf036ef010c301f24bd54cb03ecb15346edefdc0eb3f765aa348422fe5f3b

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Program does not show much activity (idle)
Detected potential crypto function

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: MD5 & SHA Checksum Utility.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
Source: MD5 & SHA Checksum Utility.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: MD5 & SHA Checksum Utility.exe; String found in binary or memory: http://raylin.wordpress.com
Source: MD5 & SHA Checksum Utility.exe; String found in binary or memory: http://raylin.wordpress.com/donate/
Source: MD5 & SHA Checksum Utility.exe; String found in binary or memory: http://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.524959349.000000000114A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamemscorwks.dllT vs MD5 & SHA Checksum Utility.exe
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Code function: 0_2_00007FFC010915D6
Source: MD5 & SHA Checksum Utility.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MD5 & SHA Checksum Utility.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: classification engine; Classification label: clean2.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
Source: MD5 & SHA Checksum Utility.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Process information set: NOOPENFILEERRORBOX
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Mitre Att&ck Matrix (tactic: technique)

  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Path Interception
  • Defense Evasion: 1 Disable or Modify Tools
  • Credential Access: OS Credential Dumping
  • Discovery: 11 System Information Discovery
  • Lateral Movement: Remote Services
  • Collection: 1 Archive Collected Data
  • Exfiltration: Exfiltration Over Other Network Medium
  • Command and Control: 1 Encrypted Channel
  • Network Effects: Eavesdrop on Insecure Network Communication
  • Remote Service Effects: Remotely Track Device Without Authorization
  • Impact: Modify System Partition
Source | Detection | Scanner | Label | Link
MD5 & SHA Checksum Utility.exe | 3% | Virustotal | | Browse
MD5 & SHA Checksum Utility.exe | 0% | Metadefender | | Browse
MD5 & SHA Checksum Utility.exe | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
                                • URL Reputation: safe
                                unknown
                                http://www.sandoll.co.krimMD5 & SHA Checksum Utility.exe, 00000000.00000003.269688165.000000001C16C000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.zhongyicts.com.cno.MD5 & SHA Checksum Utility.exe, 00000000.00000003.272038725.000000001C16B000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.fontbureau.com/designers8MD5 & SHA Checksum Utility.exe, 00000000.00000002.527036030.000000001D362000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.jiyu-kobo.co.jp/hMD5 & SHA Checksum Utility.exe, 00000000.00000003.273680651.000000001C16A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.fontbureau.comxMD5 & SHA Checksum Utility.exe, 00000000.00000003.275369939.000000001C16B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.fontbureau.com/designers/MD5 & SHA Checksum Utility.exe, 00000000.00000003.275149311.000000001C16A000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275369939.000000001C16B000.00000004.00000020.00020000.00000000.sdmp, MD5 & SHA Checksum Utility.exe, 00000000.00000003.275337462.000000001C16B000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    http://www.founder.com.cn/cnomMD5 & SHA Checksum Utility.exe, 00000000.00000003.270678522.000000001C16C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    No contacted IP infos
                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                    Analysis ID:635353
                                    Start date and time: 2022-05-27 20:03:39 +02:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 6m 17s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:MD5 & SHA Checksum Utility.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:23
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:CLEAN
                                    Classification:clean2.winEXE@1/0@0/0
                                    EGA Information:Failed
                                    HDC Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 97%
                                    • Number of executed functions: 18
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                    • Execution Graph export aborted for target MD5 & SHA Checksum Utility.exe, PID 6448 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    No simulations
                                    No context
                                    No created / dropped files found
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.652280949045084
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:MD5 & SHA Checksum Utility.exe
                                    File size:78848
                                    MD5:88a40aa4a04f9391336e7db258a3b16c
                                    SHA1:e0182fde50ebfbeab249dd7c4519ffda1fc9e0f5
                                    SHA256:1dcbf036ef010c301f24bd54cb03ecb15346edefdc0eb3f765aa348422fe5f3b
                                    SHA512:01d7179a3a71f5c66d0a64eb429b6e5509864734428068e84da3025f848af266d57f6db3c5d26e7dd5d6b1d35080d885fe9199cd21a1432965f1a6e35ccb0fef
                                    SSDEEP:1536:RiHEOA6Wqswy+GcKY0SQUfmMXUZGW8yQVYS/NoCIFszn42SWRNp5Kk:RiHEOA6Wqswy+GcKY0SQUeMXUZGxyQVX
                                    TLSH:B173B303EE52D61AD0792EF8017272406EE6A303933DEF893F6DE49A47326405B5AFD5
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.Q....................."......./... ...@....@.. ....................................@................................
                                    Icon Hash:2d2727cc93a32348
                                    Entrypoint:0x412f2e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x51AB61D1 [Sun Jun 2 15:16:33 2013 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v2.0.50727
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0x12ee0          0x4b          .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0x14000          0x1f68        .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0x16000          0xc           .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                    Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                    .text   0x2000           0x10f34       0x11000   False     0.266745174632   data       5.73085209465   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc   0x14000          0x1f68        0x2000    False     0.198486328125   data       3.5418137372    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc  0x16000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name           RVA      Size    Type                                                                         Language  Country
                                    RT_ICON        0x14130  0x1628  dBase III DBT, version number 0, next free block index 40
                                    RT_GROUP_ICON  0x15758  0x14    data
                                    RT_VERSION     0x15770  0x320   data
                                    RT_MANIFEST    0x15a90  0x4d3   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                    DLL          Import
                                    mscoree.dll  _CorExeMain
                                    Description       Data
                                    Translation       0x0000 0x04b0
                                    LegalCopyright
                                    Assembly Version  2.0.0.0
                                    InternalName      MD5 & SHA Checksum Utility.exe
                                    FileVersion       2.0.0.0
                                    ProductName       MD5 & SHA Checksum Utility
                                    ProductVersion    2.0.0.0
                                    FileDescription   MD5 & SHA Checksum Utility
                                    OriginalFilename  MD5 & SHA Checksum Utility.exe
                                    No network behavior found


                                    Target ID:0
                                    Start time:20:04:44
                                    Start date:27/05/2022
                                    Path:C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe"
                                    Imagebase:0xd20000
                                    File size:78848 bytes
                                    MD5 hash:88A40AA4A04F9391336E7DB258A3B16C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:low

                                    Reset < >
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b5b5a3f1ec6f0842702a8ebce5a09dbaf1bf8e00fb1ba2bfdaa205723c419a3
                                      • Instruction ID: fcab3b6e3d9b6885972aa7cd29ba91fc68dc6de85a98756571d5ba4f38a23a15
                                      • Opcode Fuzzy Hash: 5b5b5a3f1ec6f0842702a8ebce5a09dbaf1bf8e00fb1ba2bfdaa205723c419a3
                                      • Instruction Fuzzy Hash: 43730B3070CE488FDB99FB6C9499BA977D2EF99301F4445B9E04EC7293DE24AC448B46
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: H
                                      • API String ID: 0-2852464175
                                      • Opcode ID: 2b45f463f3bdb8c87bf344a739daff2a31f2cdd403d82e46860c63af9ae8537d
                                      • Instruction ID: 3382d4a5c7787dd56b3eff1d4e9f99323ceb92b2ee2e6ec366bc302455bc5428
                                      • Opcode Fuzzy Hash: 2b45f463f3bdb8c87bf344a739daff2a31f2cdd403d82e46860c63af9ae8537d
                                      • Instruction Fuzzy Hash: D041A070A1CA5D8FEB84EB3C8455A29B7E1EF9A308F4504FDE44DCB297DA28D805C715
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: H
                                      • API String ID: 0-2852464175
                                      • Opcode ID: e16f8f0a5318fad2e7925d9a75f4e5192d1df88b6e125eb5161509d0e5de4188
                                      • Instruction ID: fdd9ef1aa595a36622f7eb7503e19bd036e1f7814483045f1dc14d5871e740f7
                                      • Opcode Fuzzy Hash: e16f8f0a5318fad2e7925d9a75f4e5192d1df88b6e125eb5161509d0e5de4188
                                      • Instruction Fuzzy Hash: FC418B30A1895D8FEF84EB3CC495A29B7E1EF9A308B4504BCE44ECB296DA28D805C705
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28432ed968a44896a26e4133465806f69827cb3986d8f0d5b47965a7782646f0
                                      • Instruction ID: 1dd99b1a794a994512eb7d8355b67bd5f6ba94e7cdc7f0dc151ad305a1b39cbb
                                      • Opcode Fuzzy Hash: 28432ed968a44896a26e4133465806f69827cb3986d8f0d5b47965a7782646f0
                                      • Instruction Fuzzy Hash: 6E71D130A1CA6E8FEB98EF2884657B977D5FF59304F4000B9F44EC7286DE28A805C761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4302dd461cfed417f85e412cfa4137aee5ec89f391008438af07f649fb3f747a
                                      • Instruction ID: a4c915a38ff88fb9a4d0d61c00f61ca1e5fe0591fe027edef287f3b6c88bf253
                                      • Opcode Fuzzy Hash: 4302dd461cfed417f85e412cfa4137aee5ec89f391008438af07f649fb3f747a
                                      • Instruction Fuzzy Hash: F951E82070CE1D9FEA88BB6C5099A7972C2EF9C301B85417DE44EC33D3DD68AC45875A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e1ed1ede3096710e3557ec525b8363b951188feeed2ee20111922d21d2d04712
                                      • Instruction ID: 20b1161927ab7804bd1c1825094de20ecfba276cf0020f2894c4f85721fe2991
                                      • Opcode Fuzzy Hash: e1ed1ede3096710e3557ec525b8363b951188feeed2ee20111922d21d2d04712
                                      • Instruction Fuzzy Hash: 0F61D5B090CB899FE3B5EF28845D7BA7AE0FB59301F04057F988CC7262EB7445458B46
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 04489614fc892cea7188b16e5750f39dfcccb0e14cef480ed49aa00e2d95473a
                                      • Instruction ID: 3f0d0ce01bf2b2bd20fe6f9f07de5e34cecf6d753a560491b13cabe99550c2be
                                      • Opcode Fuzzy Hash: 04489614fc892cea7188b16e5750f39dfcccb0e14cef480ed49aa00e2d95473a
                                      • Instruction Fuzzy Hash: 3541667060C79E5FEB86E76898A56B07B95EF4B320F0900FAE48DCB293DD145C46C362
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.527875228.00007FFC00F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC00F4A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc00f4a000_MD5 & SHA Checksum Utility.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4d00d41ee5478e7789d146a7a8fd697f8d537cd932c849169a968b2f428c42ee
                                      • Instruction ID: ad32cddf0ebe12cedad85732bc078f0312b459d8213621ce4c41525f6a352edf
                                      • Opcode Fuzzy Hash: 4d00d41ee5478e7789d146a7a8fd697f8d537cd932c849169a968b2f428c42ee
                                      • Instruction Fuzzy Hash: 8841167144CB855FE7668F289C45A523FF0EF62310F1601DFD488CB1A7E624A846C7A2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.528476009.00007FFC01090000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC01090000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffc01090000_MD5 & SHA Checksum Utility.jbxd
                                      Uniqueness

                                      Uniqueness Score: -1.00%
