Windows Analysis Report
system.dat

Overview

General Information

Sample name: system.dat
(renamed file extension from none to dat)
Original sample name: system
Analysis ID: 1545070
MD5: debb100904620161abb9aa41952d517d
SHA1: 4c60f0278b50588b7a87299fd7ec22213cb6e8b4
SHA256: 8f1ce3583699abfedc9d5c2bfb760d2fed2ca8f56cb21295e1c5de01378a47ee

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device

Classification

Source: system.dat String found in binary or memory: http://www.passport.com
Source: classification engine Classification label: clean1.winDAT@1/0@0/0
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2752:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\OpenWith.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: system.dat Static file information: File size 2621440 > 1048576
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: system.dat Binary or memory string: comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
No contacted IP infos