Windows Analysis Report
LRF-Demonstration-Software-2.0.0.4.zip

Overview

General Information

Sample name:	LRF-Demonstration-Software-2.0.0.4.zip
Analysis ID:	1523394
MD5:	5227c7472490433f23661011d1822fca
SHA1:	916a590cb230db87ee2158275267efe801033d20
SHA256:	a798a77a7983a3962be5a295f0a5858a36872d1b684b3d13e3e69b1d8b0259b0
Infos:

Detection

Score:	7
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Launches processes in debugging mode, may be used to hinder debugging

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Potentially Suspicious Rundll32 Activity

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Signatures

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0

Jump to behavior

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log

Jump to behavior

Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256\|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source:	Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy

May infect USB drives

Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: P2.0.0.4/autorun.inf
Source: autorun.inf	Binary or memory string: [autorun]

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\	Jump to behavior

Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004486000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://davidowens.wordpress.com/2010/09/07/html-5-canvas-and-dashed-lines/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/opendocument/meta/rdfa#
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy	String found in binary or memory: http://expression/microsoft.expression.interactions.dll
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy	String found in binary or memory: http://expression/system.windows.interactivity.dll0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ocsp.comodoca.com0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ocsp.thawte.com0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/calc
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/office
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/writer
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2005/report
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.000000000351C000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002C39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TeeChart.Standard.WPF.dll.deploy	String found in binary or memory: http://www.codeplex.com/DotNetZip.
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004475000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/store/home.asp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/store/home.aspK0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044F4000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jpK
Source: LRF Demonstration Software.exe, 0000000C.00000000.1393095221.0000000000BA2000.00000002.00000001.01000000.0000000C.sdmp, LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy	String found in binary or memory: http://www.noptel.fi
Source: LRF Demonstration Software.application	String found in binary or memory: http://www.noptel.fi/
Source: dfsvc.exe, 0000000B.00000002.2322666794.00000207F1A13000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2317823508.00000207EDAE2000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322192295.00000207EFD89000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322069955.00000207EFD73000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322596864.00000207F1A08000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2320893040.00000207EFC58000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2414167079.0000000001358000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2414126645.0000000000977000.00000004.00000020.00020000.00000000.sdmp, lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms.11.dr	String found in binary or memory: http://www.noptel.fi/%%%
Source: dfsvc.exe, 0000000B.00000002.2318288546.00000207EDB58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.noptel.fi/00000
Source: setup.exe	String found in binary or memory: http://www.noptel.fi/Begin
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://www.steema.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004518000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ADD000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/buy
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004454000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/demo.tee
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004473000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/teechartnet/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C15000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2476614120.0000000007149000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://www.steema.comT
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.teechart.net/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.000000000448C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.teechart.net/support/index.php
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.op
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreE
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/buy
Source: LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/buy-https://www.steema.com/linkIn/tnetstd_startup
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C26000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2480061317.00000000067C2000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: https://www.steema.com/files/public/teechart/html5/latest/src
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/linkIn/tnetstd_startup

Source: classification engine

Classification label: clean7.winZIP@9/59@0/0

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

File created: C:\Users\user\AppData\Local\Deployment

Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe "C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"	Jump to behavior

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dfshim.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.ui.fileexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cldapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: fltlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: drprov.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntlanman.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: davclnt.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: playtodevice.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: devdispitemprovider.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: portabledeviceapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: audiodev.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfsrcsnk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rtworkq.dll

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window detected: Number of UI elements: 15
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window detected: Number of UI elements: 13

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0

Jump to behavior

Source: LRF-Demonstration-Software-2.0.0.4.zip

Static file information: File size 5558595 > 1048576

Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256\|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source:	Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy

Binary contains a suspicious time stamp

Source: MathNet.Numerics.dll.11.dr

Static PE information: 0x8687854D [Wed Jul 10 00:20:29 2041 UTC]

Drops PE files

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll	Jump to dropped file

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software.appref-ms	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software online support.url	Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Stores large binary data to the registry

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Key value created or modified: HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\lrfd..tion_0000000000000000_0002.0000_a549107a3fb23252 {c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Memory allocated: 207EB8E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Memory allocated: 207ED3E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 30F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 3290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 5290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: F70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 28D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 48D0000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599778	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599666	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599554	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599442	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599331	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598869	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598758	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598646	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598169	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598057	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597945	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597830	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597706	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597579	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597451	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597340	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597229	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597117	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597005	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596893	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596767	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596624	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596513	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596401	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596289	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596177	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596065	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595794	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595682	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595570	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595347	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595092	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594757	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Window / User API: threadDelayed 9430	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window / User API: windowPlacementGot 915	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window / User API: windowPlacementGot 379

Found dropped PE file which has not been started or loaded

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599889s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599778s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599666s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599554s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599442s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599331s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599091s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598980s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598869s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598758s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598646s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598534s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598407s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598169s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598057s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597945s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597830s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597706s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597579s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597451s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597340s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597229s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597117s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597005s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596893s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596767s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596624s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596513s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596401s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596289s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596177s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596065s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595922s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595794s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595682s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595570s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595458s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595347s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595092s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594980s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594868s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594757s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599778	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599666	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599554	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599442	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599331	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598869	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598758	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598646	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598169	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598057	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597945	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597830	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597706	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597579	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597451	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597340	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597229	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597117	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597005	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596893	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596767	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596624	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596513	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596401	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596289	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596177	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596065	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595794	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595682	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595570	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595347	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595092	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594757	Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\	Jump to behavior

Source: LRF Demonstration Software.exe, 00000010.00000002.2500184204.00000000086ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LRF Demonstration Software.exe, 00000010.00000002.2513408198.000000000DC04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Launches processes in debugging mode, may be used to hinder debugging

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.config VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\noptel_logo_12d.ico VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0

Jump to behavior

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log

Jump to behavior

Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256\|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source:	Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy

May infect USB drives

Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: 2.0.0.4/autorun.inf
Source: LRF-Demonstration-Software-2.0.0.4.zip	Binary or memory string: P2.0.0.4/autorun.inf
Source: autorun.inf	Binary or memory string: [autorun]

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\	Jump to behavior

Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004486000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://davidowens.wordpress.com/2010/09/07/html-5-canvas-and-dashed-lines/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/opendocument/meta/rdfa#
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy	String found in binary or memory: http://expression/microsoft.expression.interactions.dll
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy	String found in binary or memory: http://expression/system.windows.interactivity.dll0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ocsp.comodoca.com0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ocsp.thawte.com0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/calc
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/office
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2004/writer
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openoffice.org/2005/report
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.000000000351C000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002C39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TeeChart.Standard.WPF.dll.deploy	String found in binary or memory: http://www.codeplex.com/DotNetZip.
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004475000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/store/home.asp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jp/store/home.aspK0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044F4000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.newtone.co.jpK
Source: LRF Demonstration Software.exe, 0000000C.00000000.1393095221.0000000000BA2000.00000002.00000001.01000000.0000000C.sdmp, LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy	String found in binary or memory: http://www.noptel.fi
Source: LRF Demonstration Software.application	String found in binary or memory: http://www.noptel.fi/
Source: dfsvc.exe, 0000000B.00000002.2322666794.00000207F1A13000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2317823508.00000207EDAE2000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322192295.00000207EFD89000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322069955.00000207EFD73000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322596864.00000207F1A08000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2320893040.00000207EFC58000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2414167079.0000000001358000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2414126645.0000000000977000.00000004.00000020.00020000.00000000.sdmp, lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms.11.dr	String found in binary or memory: http://www.noptel.fi/%%%
Source: dfsvc.exe, 0000000B.00000002.2318288546.00000207EDB58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.noptel.fi/00000
Source: setup.exe	String found in binary or memory: http://www.noptel.fi/Begin
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://www.steema.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004518000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ADD000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/buy
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004454000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/demo.tee
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004473000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/teechartnet/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.steema.com/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C15000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2476614120.0000000007149000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: http://www.steema.comT
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.teechart.net/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.000000000448C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.teechart.net/support/index.php
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.op
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreE
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/buy
Source: LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/buy-https://www.steema.com/linkIn/tnetstd_startup
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C26000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2480061317.00000000067C2000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deploy	String found in binary or memory: https://www.steema.com/files/public/teechart/html5/latest/src
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.steema.com/linkIn/tnetstd_startup

Source: classification engine

Classification label: clean7.winZIP@9/59@0/0

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

File created: C:\Users\user\AppData\Local\Deployment

Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe "C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"	Jump to behavior

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dfshim.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dfshim.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.ui.fileexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: cldapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: fltlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: drprov.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: ntlanman.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: davclnt.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: playtodevice.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: devdispitemprovider.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: portabledeviceapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: audiodev.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfsrcsnk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Section loaded: rtworkq.dll

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window detected: Number of UI elements: 15
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window detected: Number of UI elements: 13

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0

Jump to behavior

Source: LRF-Demonstration-Software-2.0.0.4.zip

Static file information: File size 5558595 > 1048576

Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source:	Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source:	Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256\|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source:	Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source:	Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source:	Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy

Binary contains a suspicious time stamp

Source: MathNet.Numerics.dll.11.dr

Static PE information: 0x8687854D [Wed Jul 10 00:20:29 2041 UTC]

Drops PE files

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll	Jump to dropped file

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

File created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software.appref-ms	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software online support.url	Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Stores large binary data to the registry

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Process information set: NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Memory allocated: 207EB8E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Memory allocated: 207ED3E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 30F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 3290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 5290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: F70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 28D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Memory allocated: 48D0000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599778	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599666	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599554	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599442	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599331	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598869	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598758	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598646	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598169	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598057	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597945	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597830	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597706	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597579	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597451	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597340	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597229	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597117	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597005	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596893	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596767	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596624	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596513	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596401	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596289	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596177	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596065	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595794	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595682	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595570	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595347	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595092	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594757	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Window / User API: threadDelayed 9430	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window / User API: windowPlacementGot 915	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Window / User API: windowPlacementGot 379

Found dropped PE file which has not been started or loaded

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599889s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599778s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599666s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599554s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599442s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599331s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -599091s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598980s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598869s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598758s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598646s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598534s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598407s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598169s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -598057s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597945s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597830s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597706s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597579s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597451s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597340s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597229s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597117s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -597005s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596893s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596767s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596624s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596513s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596401s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596289s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596177s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -596065s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595922s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595794s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595682s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595570s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595458s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595347s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -595092s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594980s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594868s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580	Thread sleep time: -594757s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599778	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599666	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599554	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599442	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599331	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 599091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598869	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598758	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598646	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598169	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 598057	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597945	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597830	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597706	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597579	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597451	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597340	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597229	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597117	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 597005	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596893	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596767	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596624	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596513	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596401	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596289	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596177	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 596065	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595794	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595682	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595570	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595347	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 595092	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594980	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Thread delayed: delay time: 594757	Jump to behavior

Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	File opened: C:\Users\user\AppData\Local\Apps\	Jump to behavior

Source: LRF Demonstration Software.exe, 00000010.00000002.2500184204.00000000086ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LRF Demonstration Software.exe, 00000010.00000002.2513408198.000000000DC04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Launches processes in debugging mode, may be used to hinder debugging

Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe

Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.config VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\noptel_logo_12d.ico VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1523394
Product:	CloudBasic
Start time:	15:11:53
Start date:	01.10.2024
Sample:	LRF-Demonstration-Software-2.0.0.4.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5227c7472490433f23661011d1822fca
SHA1:	916a590cb230db87ee2158275267efe801033d20
SHA256:	a798a77a7983a3962be5a295f0a5858a36872d1b684b3d13e3e69b1d8b0259b0
Filetype:	ZIP compressed archive (8000/1) 99.91%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35\LRF Demonstration Software.exe.config	XML 1.0 document, ASCII text, with CRLF line terminators	1A57EBB88FDB5F99428272A77AEA73E7	B17CD1FFFA5C6D3BAA8F055C912F65D589AEB4BF	5B56D4CB97444C01FEA588C83E28054EEDA738DF205B9E4A7543CEEBC5E4248C
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35\noptel_logo_12d.ico	MS Windows icon resource - 1 icon, -86x-116, 32 bits/pixel	5C19A250AB86C3C63D97359B84A10561	F5A41D4BAF8A269ACC402B5A279C88AD8BA33BBD	0C791E3BD506C7EC9184D31830CBC660F440341F20135950C2A7762AC95D95B4
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.cdf-ms	data	807D7C6F5AB063D74B2F0DC3D3A91F1C	449076CA8AA1386ED7955E6C449BDCC494FB7F36	BE273C9BFBC326DBFB229B97F6615CC87B4F29DA266700D7CE630E3F45AEEF77
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	B925F79742799809616184C9F7F433F9	97CE9BEE3B0A6DEF4AA852118A5AFA5EA053D1B4	4E64FDFCC115A2A28399EBB2533DC30178A8F653DEB2C7FC4100675EC63AC37C
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3B88BDE7A3A228E365D1C6810F0BA988	4B93BA15EDABA912C17BCE911ECC484DC73FF89C	32D2229EF34622E275926556A9AFFEDEAC319DA8E195C87C830C8B652D72569E
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.cdf-ms	data	58CD2DA2B88344CF3DC0BA8E3DE551F7	AC7E504A1AA57CEE8C2E94C7E2811AFE982B618C	AF57281E5592A8842ABF081C248B5EF5163D5088C35F3C557CF3D2E0688FFC9D
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	0C49185D63202A4A98909351964B5E64	B453EFD34E7132BE79ECA12539E1EFB139659D38	3958748CE40A282D30FED4B06F8C8F62C476F482134E34D927ECB7B48B0CDA8B
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	79518917C6DBD34AB865FD6A8B60C4AD	D417DDBE5A9BD93E4ABDAA0E9F0C5FA3E066DDC4	F3546D3027FB7A89A1554DCD2E951328BC2E2EF9669A352E36B40B453A96749D
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.cdf-ms	data	9EB83B750C789A58FCB9729D4143ED3B	30A53C2A61FE025AD8EC26CCC78A917A8F27826E	4BF2A0C92F1ED7D2CA8C17F0CC004EFC9B8D5F2AF00EB29351670B9AE6CB69B2
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	5DA17FA97FCE539C78E3018EE1C29CD0	CFF12EDD4361FA5C310250EBAACBFC54274F00C8	92254CB54BBDD875F6950C2AFBFE17C001BBF7DCCD43D43EAFDB7D9BFEC35AFE
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	93339CEE5FBBE87129FDD98DD8ED7EA1	4C2B6E4E5D293A3621780FEC5F2C44FEC5C5B061	EBC2AC8B4E9FA4659449B550D981E995F49E8E86D64A2ED72D0B716549DEF6CF
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35.cdf-ms	data	F34DE9FB13989531EB4E431B92A39066	66586CB9F07BBF0F9A2C9FBCC8A1B24F433DC17F	A408D5532AC9B4D20C6C7F6D569F3899E2351B4360BF73083DF0947D2CD7E4E4
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators	562F51F5E12B2F7016AFC56A9A077F3B	7FF328FF80DD5BF48568C8865163FA898DA880DE	ED4DEDDA4E1B0259381733523E5345369227AD827F3CDB24CDAEFAF9BFEC1895
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms	data	0FC9B588AAF641F5C8A4D5B03C9FA14B	00FFCDCCF440F7D629E2B9F987FE2852BFA63A94	85DFC6D7967F98C30517A0B61BBDC924A8E8A785FB3DF2ABA2235159FCFF340F
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators	AAE38A20F9E64052ABE3DA237584D5FE	1A4B4B7339A81E0CC4E9E43ABA47732D710771FA	4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f.cdf-ms	data	B4B483BB3B704EFC17005A118899CBFE	9A25E05A89D730ED7A7BBD8A5B8F02FBDF0185A5	6667ADF96581753F0F9B90F8E4EBAF12A34452DA99B394860856FF6DB08DCE9B
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A6740389AA99D1B7B0FC5ADA08871AC5	24366FD8DDB3A51436D5D8CAFA2D1C8D5D1F993C	AB9DD629883F11C0FEE157E6CAF545263ADC6E1564576A2B4C23D41AC1406227
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711.cdf-ms	data	910A76E2C105F716A15971D2768D9D76	E2303607E5B2D2B6829DDC966F3AD837E4AFEF65	DC27E08C78D4643ACDE89F695DECBB4E9B0C81F4428437D5E7C0C3772DA6A752
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A53017F5F171AA9194627A562BA5B25A	8540AF867924CE1956BD523E270E3EA7E6EAB852	3FEC6148ECD81CA62AA4339FDD46A8E84D14F46B7167D6234CA65E21696FB113
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705.cdf-ms	data	FB5E5EABCEDE9F49FD308BBBB99761EE	00B4DD16F38D0C6578281E32D258020158EAF9C3	291046EB2E6011FBE15B167334FEA9D879A7152E23E3135FBF6F1277E93BFF8A
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	68772808B79200DB14057ADA8A03C0C7	75E84B0F2D5BF7FCC39CC36F9D5722591FD2705F	FFF0DDBDE5642F9D91A1C383E67835BB161B6D2D69BADF190DB93CCD8BC1B054
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332.cdf-ms	data	0427512686E01EF5F4412D02B042AA15	0F459A0F714B1F56598AF2C375675A7BFE4494EE	64350083689FB34A351B9A1F4C92D797CD88005205FCD515924A779C424FAFD1
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C90151C32D07254B1182D57FE9955822	57A870217C28052BEC203DDA4EAFA5EA5BF98D31	613F85AA26FB4BD8C0B8A5FDE62EA514DF09CA9F2E8FB55BCC2793F4C9671A1C
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9.cdf-ms	data	C85AD954EA293DF83269A87F8C2655A6	7E036A793AE0EDF442F9384A1205F729FBF153C1	130911AAB8DD83A3A20441BEB120B08EF795C3839D923D4F666DDFB32A2007C1
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D184ED12D2711C498A7782B001D8CC32	91B7D6BE2238341E1B965CB0BC0D6AFDB4461765	B7BF3E123BB5678DE57054379E4CB1F9B54801321DF13839EFFB40EE7EC3A04D
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	3034CC0D5CF3731ED90153AA616F3F59	AACE8D26358D9829F0E6632BDDF183534ACFEC0D	63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	537272CF793E1FAA0D82D64F7EEAB1BF	0C678D258C01A56D9ABB8B4B0CAA2B704B6AC4CB	ACA0BF6FD36FF90A704731156E34201C6778AF061D80A108CF9BAAB97C7274BE
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	580244BC805220253A87196913EB3E5E	CE6C4C18CF638F980905B9CB6710EE1FA73BB397	93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	CB2F1A014FC73297AD52BE4C37CD8E80	2F5891FBDABCF1DEB94D00715DD27382851A7049	4E12D64D98E2CC817D852033A82497AFF6857D9204AA7CE593CC1BFE01E95197
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	D82F1623BC03A26073D25E6D531686A8	96A92F0297E703C256D6E2B9A25792B42B991E03	1299ADCE2AE24CFCF025764128722577D8C7E85A3404C938FF5BFE4491F4BD23
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\VP936N55.log	Unicode text, UTF-16, little-endian text, with CRLF line terminators	2CD0933BE9D626C4719E6C35DE288F0D	285E5F3E97D6B1C8DE40F5F20AB7E87F42BB6D13	51A461E3D9FC3D45F20B5FCB6E47DD8834A29BD0714AF9174D351EE2B5DCE5A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\Z5KN6MZ3.log	Unicode text, UTF-16, little-endian text, with CRLF line terminators	8D78854F82178D2DFC3145EF2F75EAAC	5B078B01A57292D3AE6D38CF4CB3597E7396EBA9	0DB0305785A2DBE9E8F0B8B75B13F6D4068AC059BF605E0BD6B3BD024A81C82A
C:\Users\user\AppData\Local\Temp\Deployment\041RJV8M.1QV\3RQWGXPM.JDB.application	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators	AAE38A20F9E64052ABE3DA237584D5FE	1A4B4B7339A81E0CC4E9E43ABA47732D710771FA	4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
C:\Users\user\AppData\Local\Temp\Deployment\BHLMXEX4.7VR\VMNAL2P6.0H9.application	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators	AAE38A20F9E64052ABE3DA237584D5FE	1A4B4B7339A81E0CC4E9E43ABA47732D710771FA	4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	B925F79742799809616184C9F7F433F9	97CE9BEE3B0A6DEF4AA852118A5AFA5EA053D1B4	4E64FDFCC115A2A28399EBB2533DC30178A8F653DEB2C7FC4100675EC63AC37C
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.config	XML 1.0 document, ASCII text, with CRLF line terminators	1A57EBB88FDB5F99428272A77AEA73E7	B17CD1FFFA5C6D3BAA8F055C912F65D589AEB4BF	5B56D4CB97444C01FEA588C83E28054EEDA738DF205B9E4A7543CEEBC5E4248C
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3B88BDE7A3A228E365D1C6810F0BA988	4B93BA15EDABA912C17BCE911ECC484DC73FF89C	32D2229EF34622E275926556A9AFFEDEAC319DA8E195C87C830C8B652D72569E
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators	562F51F5E12B2F7016AFC56A9A077F3B	7FF328FF80DD5BF48568C8865163FA898DA880DE	ED4DEDDA4E1B0259381733523E5345369227AD827F3CDB24CDAEFAF9BFEC1895
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	0C49185D63202A4A98909351964B5E64	B453EFD34E7132BE79ECA12539E1EFB139659D38	3958748CE40A282D30FED4B06F8C8F62C476F482134E34D927ECB7B48B0CDA8B
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	79518917C6DBD34AB865FD6A8B60C4AD	D417DDBE5A9BD93E4ABDAA0E9F0C5FA3E066DDC4	F3546D3027FB7A89A1554DCD2E951328BC2E2EF9669A352E36B40B453A96749D
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	3034CC0D5CF3731ED90153AA616F3F59	AACE8D26358D9829F0E6632BDDF183534ACFEC0D	63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A6740389AA99D1B7B0FC5ADA08871AC5	24366FD8DDB3A51436D5D8CAFA2D1C8D5D1F993C	AB9DD629883F11C0FEE157E6CAF545263ADC6E1564576A2B4C23D41AC1406227
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	537272CF793E1FAA0D82D64F7EEAB1BF	0C678D258C01A56D9ABB8B4B0CAA2B704B6AC4CB	ACA0BF6FD36FF90A704731156E34201C6778AF061D80A108CF9BAAB97C7274BE
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A53017F5F171AA9194627A562BA5B25A	8540AF867924CE1956BD523E270E3EA7E6EAB852	3FEC6148ECD81CA62AA4339FDD46A8E84D14F46B7167D6234CA65E21696FB113
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	5DA17FA97FCE539C78E3018EE1C29CD0	CFF12EDD4361FA5C310250EBAACBFC54274F00C8	92254CB54BBDD875F6950C2AFBFE17C001BBF7DCCD43D43EAFDB7D9BFEC35AFE
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	93339CEE5FBBE87129FDD98DD8ED7EA1	4C2B6E4E5D293A3621780FEC5F2C44FEC5C5B061	EBC2AC8B4E9FA4659449B550D981E995F49E8E86D64A2ED72D0B716549DEF6CF
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	580244BC805220253A87196913EB3E5E	CE6C4C18CF638F980905B9CB6710EE1FA73BB397	93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	68772808B79200DB14057ADA8A03C0C7	75E84B0F2D5BF7FCC39CC36F9D5722591FD2705F	FFF0DDBDE5642F9D91A1C383E67835BB161B6D2D69BADF190DB93CCD8BC1B054
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	CB2F1A014FC73297AD52BE4C37CD8E80	2F5891FBDABCF1DEB94D00715DD27382851A7049	4E12D64D98E2CC817D852033A82497AFF6857D9204AA7CE593CC1BFE01E95197
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C90151C32D07254B1182D57FE9955822	57A870217C28052BEC203DDA4EAFA5EA5BF98D31	613F85AA26FB4BD8C0B8A5FDE62EA514DF09CA9F2E8FB55BCC2793F4C9671A1C
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	D82F1623BC03A26073D25E6D531686A8	96A92F0297E703C256D6E2B9A25792B42B991E03	1299ADCE2AE24CFCF025764128722577D8C7E85A3404C938FF5BFE4491F4BD23
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll.genman	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D184ED12D2711C498A7782B001D8CC32	91B7D6BE2238341E1B965CB0BC0D6AFDB4461765	B7BF3E123BB5678DE57054379E4CB1F9B54801321DF13839EFFB40EE7EC3A04D
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\noptel_logo_12d.ico	MS Windows icon resource - 1 icon, -86x-116, 32 bits/pixel	5C19A250AB86C3C63D97359B84A10561	F5A41D4BAF8A269ACC402B5A279C88AD8BA33BBD	0C791E3BD506C7EC9184D31830CBC660F440341F20135950C2A7762AC95D95B4
C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log	data	C26E5E15747C73332430027BBF828FD6	B117D3386F5BBD205D6E7B4F97929DC2598FCBC6	36B181C0D064DD5EA01777F0FE0228550DF9D8C3D605ABD8D5330E1B93A4D051
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software online support.url	Generic INItialization configuration [InternetShortcut]	BB7C7635CABB98B638CE0BD4D5760A00	E60B146BD624026BFC1D50D54C9FA2E65C273663	6D06F781AB4458AB4BF0E9EDBFAB994A023138EF83782F5AD2A3FC999D4D6F24
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software.appref-ms	Unicode text, UTF-16, little-endian text, with no line terminators	B6A407931728745C5F788994F4AB0C99	F11C240ACBA9F2A61860953297870C3E0EB1DF28	744A66309CAAD0C225DDB50AA3CB5C70230DE237AE6591F0D8D75A433F85070C
C:\Users\user\Desktop\-\diagnostics data\-_-0_20241001_09.13.00.dsp	ASCII text, with CRLF line terminators	66EAC0776FC1549BD6C5053B6CF55BF0	FC14DE3D2BBEE2AD2A58AD4F967A03DEDD21C2D6	07D27204DD709569D63F1EB48C74F5D099DA57E8D2A799B01FDF74C1A18A4A1D
C:\Users\user\Desktop\LRF Demonstration Software.appref-ms	Unicode text, UTF-16, little-endian text, with no line terminators	B6A407931728745C5F788994F4AB0C99	F11C240ACBA9F2A61860953297870C3E0EB1DF28	744A66309CAAD0C225DDB50AA3CB5C70230DE237AE6591F0D8D75A433F85070C
C:\Users\user\Pictures\20241001_09.13.33----.0.png	PNG image data, 877 x 462, 8-bit/color RGBA, non-interlaced	2267D5D2C0B2B93F8056F9ED6D86CA30	D5C380A83F2AB4FFBD63F7D82B2B01033365BDB7	F9F51204CB230DC9ADD8E49790E82F6CFBA019D06254059C130A72B661A58043

Windows Analysis Report
LRF-Demonstration-Software-2.0.0.4.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report LRF-Demonstration-Software-2.0.0.4.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
LRF-Demonstration-Software-2.0.0.4.zip