Windows Analysis Report
MD5 & SHA Checksum Utility.exe

Overview

General Information

Sample Name: MD5 & SHA Checksum Utility.exe
Analysis ID: 635353
MD5: 88a40aa4a04f9391336e7db258a3b16c
SHA1: e0182fde50ebfbeab249dd7c4519ffda1fc9e0f5
SHA256: 1dcbf036ef010c301f24bd54cb03ecb15346edefdc0eb3f765aa348422fe5f3b
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Program does not show much activity (idle)
Detected potential crypto function

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: MD5 & SHA Checksum Utility.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
Source: MD5 & SHA Checksum Utility.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: MD5 & SHA Checksum Utility.exe | String found in binary or memory: http://raylin.wordpress.com
Source: MD5 & SHA Checksum Utility.exe | String found in binary or memory: http://raylin.wordpress.com/donate/
Source: MD5 & SHA Checksum Utility.exe | String found in binary or memory: http://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility
Source: MD5 & SHA Checksum Utility.exe, 00000000.00000002.524959349.000000000114A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemscorwks.dllT vs MD5 & SHA Checksum Utility.exe
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Code function: 0_2_00007FFC010915D6
Source: MD5 & SHA Checksum Utility.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MD5 & SHA Checksum Utility.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: classification engine | Classification label: clean2.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
Source: MD5 & SHA Checksum Utility.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Process information set: NOOPENFILEERRORBOX
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Disable or Modify Tools (1)
Credential Access: OS Credential Dumping
Discovery: System Information Discovery (11)
Lateral Movement: Remote Services
Collection: Archive Collected Data (1)
Exfiltration: Exfiltration Over Other Network Medium
Command and Control: Encrypted Channel (1)
Network Effects: Eavesdrop on Insecure Network Communication
Remote Service Effects: Remotely Track Device Without Authorization
Impact: Modify System Partition
Source | Detection | Scanner
MD5 & SHA Checksum Utility.exe | 3% | Virustotal
MD5 & SHA Checksum Utility.exe | 0% | Metadefender
MD5 & SHA Checksum Utility.exe | 0% | ReversingLabs
No Antivirus matches
No contacted domains info
                                    No contacted IP infos
                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                    Analysis ID:635353
                                    Start date and time: 27/05/202220:03:392022-05-27 20:03:39 +02:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 6m 17s
                                    Hypervisor based Inspection enabled:false
                                    Report type:light
                                    Sample file name:MD5 & SHA Checksum Utility.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of new started processes analysed:23
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:CLEAN
                                    Classification:clean2.winEXE@1/0@0/0
                                    EGA Information:Failed
                                    HDC Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 97%
                                    • Number of executed functions: 0
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                    • Execution Graph export aborted for target MD5 & SHA Checksum Utility.exe, PID 6448 because it is empty
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    No simulations
                                    No context
                                    No created / dropped files found
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.652280949045084
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:MD5 & SHA Checksum Utility.exe
                                    File size:78848
                                    MD5:88a40aa4a04f9391336e7db258a3b16c
                                    SHA1:e0182fde50ebfbeab249dd7c4519ffda1fc9e0f5
                                    SHA256:1dcbf036ef010c301f24bd54cb03ecb15346edefdc0eb3f765aa348422fe5f3b
                                    SHA512:01d7179a3a71f5c66d0a64eb429b6e5509864734428068e84da3025f848af266d57f6db3c5d26e7dd5d6b1d35080d885fe9199cd21a1432965f1a6e35ccb0fef
                                    SSDEEP:1536:RiHEOA6Wqswy+GcKY0SQUfmMXUZGW8yQVYS/NoCIFszn42SWRNp5Kk:RiHEOA6Wqswy+GcKY0SQUeMXUZGxyQVX
                                    TLSH:B173B303EE52D61AD0792EF8017272406EE6A303933DEF893F6DE49A47326405B5AFD5
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.Q....................."......./... ...@....@.. ....................................@................................
                                    Icon Hash:2d2727cc93a32348
                                    Entrypoint:0x412f2e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x51AB61D1 [Sun Jun 2 15:16:33 2013 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v2.0.50727
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0x12ee0          0x4b          .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0x14000          0x1f68        .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0x16000          0xc           .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                    Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                    .text   0x2000           0x10f34       0x11000   False     0.266745174632   data       5.73085209465   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc   0x14000          0x1f68        0x2000    False     0.198486328125   data       3.5418137372    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc  0x16000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name           RVA      Size    Type                                                                          Language  Country
                                    RT_ICON        0x14130  0x1628  dBase III DBT, version number 0, next free block index 40
                                    RT_GROUP_ICON  0x15758  0x14    data
                                    RT_VERSION     0x15770  0x320   data
                                    RT_MANIFEST    0x15a90  0x4d3   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                    DLL          Import
                                    mscoree.dll  _CorExeMain
                                    Description       Data
                                    Translation       0x0000 0x04b0
                                    LegalCopyright
                                    Assembly Version  2.0.0.0
                                    InternalName      MD5 & SHA Checksum Utility.exe
                                    FileVersion       2.0.0.0
                                    ProductName       MD5 & SHA Checksum Utility
                                    ProductVersion    2.0.0.0
                                    FileDescription   MD5 & SHA Checksum Utility
                                    OriginalFilename  MD5 & SHA Checksum Utility.exe
                                    No network behavior found
                                    No statistics
                                    Target ID:0
                                    Start time:20:04:44
                                    Start date:27/05/2022
                                    Path:C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\MD5 & SHA Checksum Utility.exe"
                                    Imagebase:0xd20000
                                    File size:78848 bytes
                                    MD5 hash:88A40AA4A04F9391336E7DB258A3B16C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:low

                                    No disassembly