Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: wbemcomn.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rasapi32.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rasman.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rtutils.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: secur32.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: vaultcli.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Section loaded: edputil.dll | |
Source: 0.2.New order.bat.exe.3dd3790.4.raw.unpack, ybbGOTR1N80dNbk6Yv.cs | High entropy of concatenated method names: 'obcHojbACJ', 'YnKHTkWS94', 'V3UHNmonbN', 'AuPHVudqss', 'SJBHWK3PRm', 'wkNHA4K7Me', 'L35Hyg9bdX', 'n89HDZAL4k', 'OepHGjo5FD', 'MoeHJmlv16' |
Source: 0.2.New order.bat.exe.3dd3790.4.raw.unpack, LinkedList.cs | High entropy of concatenated method names: 'mn8lVDqlu', 'Uxue7aya3', 'KsFMnxhPk', 'ruSPXGSHZ', 'tdQBaRbij', 'ApGpyUtBu', 'Bm5j1f22p4rvC7Eu0G', 'yNLEN1RWrWr7H8C9D4', 'Dispose', 'MoveNext' |
Source: 0.2.New order.bat.exe.3dd3790.4.raw.unpack, Architectural.cs | High entropy of concatenated method names: 'Sort', 'Sort', 'u3bDyB9EB', 'jnVG6G0sx', 'NAaJ4PRFw', 'RestoreOriginalBitmap', 'Justy', 'mtp2IE8Nv', 'BfZIR9eYv', 'LowestBreakIteration' |
Source: 0.2.New order.bat.exe.3dd3790.4.raw.unpack, MainForm.cs | High entropy of concatenated method names: 'QEHEJ0ZEc', 'xWtkSmxXM', 'uUSoOZRtA', 'Dispose', 'yeRTIpRwj', 'r1YXj5fPVZm4y3Ug3f', 'K4LEmEBCcbAGHf4JhV', 'V6KVEyrTgoasGeD8Zb', 'ymWMMfbpAnyZ7dSZbA', 'IhZliPvmPYrV1280b1' |
Source: 0.2.New order.bat.exe.3dd3790.4.raw.unpack, wlMuNfYU9ETTr7SmU1.cs | High entropy of concatenated method names: 'vB7dgYlwIB5e4GotdD', 'h1qusDERcT8AOZTJmN', 'O9t3jXtovErCbWCOlE', 'QkAH1cPp6G', 'RgtTUJcyZL', 's7mHwaN5MT', 'n3AHmM6wxu', 'TUlH3q3EyS', 'XPxHXcdE1G', 'gX3mZCcRjff06' |
Source: 0.2.New order.bat.exe.3db9970.7.raw.unpack, ybbGOTR1N80dNbk6Yv.cs | High entropy of concatenated method names: 'obcHojbACJ', 'YnKHTkWS94', 'V3UHNmonbN', 'AuPHVudqss', 'SJBHWK3PRm', 'wkNHA4K7Me', 'L35Hyg9bdX', 'n89HDZAL4k', 'OepHGjo5FD', 'MoeHJmlv16' |
Source: 0.2.New order.bat.exe.3db9970.7.raw.unpack, LinkedList.cs | High entropy of concatenated method names: 'mn8lVDqlu', 'Uxue7aya3', 'KsFMnxhPk', 'ruSPXGSHZ', 'tdQBaRbij', 'ApGpyUtBu', 'Bm5j1f22p4rvC7Eu0G', 'yNLEN1RWrWr7H8C9D4', 'Dispose', 'MoveNext' |
Source: 0.2.New order.bat.exe.3db9970.7.raw.unpack, Architectural.cs | High entropy of concatenated method names: 'Sort', 'Sort', 'u3bDyB9EB', 'jnVG6G0sx', 'NAaJ4PRFw', 'RestoreOriginalBitmap', 'Justy', 'mtp2IE8Nv', 'BfZIR9eYv', 'LowestBreakIteration' |
Source: 0.2.New order.bat.exe.3db9970.7.raw.unpack, MainForm.cs | High entropy of concatenated method names: 'QEHEJ0ZEc', 'xWtkSmxXM', 'uUSoOZRtA', 'Dispose', 'yeRTIpRwj', 'r1YXj5fPVZm4y3Ug3f', 'K4LEmEBCcbAGHf4JhV', 'V6KVEyrTgoasGeD8Zb', 'ymWMMfbpAnyZ7dSZbA', 'IhZliPvmPYrV1280b1' |
Source: 0.2.New order.bat.exe.3db9970.7.raw.unpack, wlMuNfYU9ETTr7SmU1.cs | High entropy of concatenated method names: 'vB7dgYlwIB5e4GotdD', 'h1qusDERcT8AOZTJmN', 'O9t3jXtovErCbWCOlE', 'QkAH1cPp6G', 'RgtTUJcyZL', 's7mHwaN5MT', 'n3AHmM6wxu', 'TUlH3q3EyS', 'XPxHXcdE1G', 'gX3mZCcRjff06' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, l6qPMVdMX6BfPdwIDQ.cs | High entropy of concatenated method names: 'LKtbrWZgSY', 'qrIbG33LxS', 'X6hbE2VckT', 'DNpb7bPZNe', 'VHSbNmocvS', 'Po3bB3uLEM', 'TFBb6Mm0MD', 'vMqb8LErvM', 'fsKbkw6ecy', 'iw4bHfDx8D' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, NJjLR4enOfQShdG3Ge.cs | High entropy of concatenated method names: 'y0XaCWvLCu', 'YAyaS3Obx3', 'bKmamnUYf7', 'RRsarAId9E', 'R67aiW6881', 'wGGaG84L1o', 'E7UaF8FpLx', 'HbAaEn6Acq', 'S4Xa7Nk3gY', 'lqmaqHhUih' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, dXqULNtLGnDfQBQy6rC.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hTyHIRN9kK', 'rUcHuFvdEf', 'HoxHJOpKAu', 'Q7gHLZAr9J', 'VIlH0qFUdA', 'Pw4HpbXXa7', 'PcjHvgXeGl' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, bU1bgWlRvNyOUhlEYx.cs | High entropy of concatenated method names: 'ktQ8YWlF3a', 'AVV8W4T9oJ', 'Yg98bqi4Vg', 'tHg8dIcXcF', 'rqH82J7B3D', 'LlG8a3rAwT', 'Qsg8363qkL', 'DjP8MigCmN', 'NRH8QfgI5g', 'unR8gYZCqn' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, XcUeDkHp4sP8jOhTp3.cs | High entropy of concatenated method names: 'ByD6QoC1ED', 'IiN6gODnUP', 'ToString', 'kfe6YcQv57', 'lrj6WGocly', 'mjr6bVhSLB', 'HnX6dLigNd', 'O2F62uBRZf', 'elP6avI0HG', 'icj63nwuYx' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, GZ03kWPOeZFvD7CUcp.cs | High entropy of concatenated method names: 'aNNaYfTAwT', 'T4vabPets0', 'Boma26u8Fo', 'VwD2Ug8rSB', 'm9d2zHFoaW', 'f47aXDtwDG', 'CQYa4qPkCq', 'iFbaK8P4ys', 'M10aen7hhR', 'Y8gat0l2EP' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, LasBlFX9WeUamN5FNp.cs | High entropy of concatenated method names: 'Sla8ApAdiG', 'S4e8y5Q5Mw', 'tqO8cbGnfm', 'nTL816hyY9', 'Hnd8IiGBvc', 'p2o8j0gRTe', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, KMZs7584nnwtUfNmc3.cs | High entropy of concatenated method names: 's8WelPHu96', 'j2SeYI4ADl', 'cgueWtvpjl', 'My9ebV7IeH', 'gTUedcPir0', 'lSMe2HWor0', 'lfleah4oPw', 'e92e3RTkoP', 'byfeMrFwjR', 'WWSeQb8OTW' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, VSjCVTUSvXmKiWKROb.cs | High entropy of concatenated method names: 'zyf4aNKf4T', 'WX743I2TiI', 'ALr4Q1uo8u', 'HAc4gWagON', 'VQv4NPNANp', 'tl14BSfoyG', 'VCwJVUFwZTGYImBiLh', 'xQFaaSgyJrLbvxrMvW', 'W1944pKakK', 'TYC4eLvV8K' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, rk41rkzCpdNCSQGOjm.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'psQk9ZtsKX', 'v4CkNecm1r', 'Mp3kBHEVBT', 'y3fk62F7q7', 'tj2k8E4cbN', 'KhKkktoCLY', 'CFlkHLBc6G' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, BGLpFjSc98sNVM64iG.cs | High entropy of concatenated method names: 'ToString', 'VDNBwDRT1p', 'JN7ByItTOB', 'evpBcyMog8', 'HeqB1MJXCu', 'ymdBjJY7Qe', 'cUrBxcnBSh', 'zMSBR3ueGC', 'dHJBO0gLHh', 'dlXBPZLFBK' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, sUlvCO3eplMJYWNb3X.cs | High entropy of concatenated method names: 'yKGdihuIhg', 'iFHdFRbRn3', 'eARbc2Ja8r', 'fusb1D6SRT', 'V4IbjWuwMV', 'XfLbxMkiZ3', 'gEGbRgEeZr', 'oxVbOa4lCd', 'LrabPIlG14', 'If4bTrGwEN' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, y2hVBpNjKBbxIBUPVc.cs | High entropy of concatenated method names: 'DHek48pqhS', 'HuRkewXNTI', 'KC2ktDmrrP', 'soTkYxAj8s', 'qKTkWpLnpJ', 'vjxkdd7d2v', 'RAwk2UXbvr', 'F0O8vvvYf4', 'wdY8nKKose', 'hyt8VNBY8M' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, faXMEMw5RushDJjtyT.cs | High entropy of concatenated method names: 'Dispose', 'lpH4Ve95vb', 'lrBKy4tC1P', 'MrXhhlTqMl', 'LX44UgVvuj', 'BFQ4zst0gp', 'ProcessDialogKey', 'qxaKXLDhTH', 'M8gK4ywHPG', 'INpKK1VICj' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, nEZIrPqLaxk19D94ha.cs | High entropy of concatenated method names: 'mPW6nN8GVU', 'cir6UkCWUr', 'QBw8XJOsGy', 'Oel84eP29X', 'G3X6w49cka', 'BfW6Dl9qed', 'uvX6fI5sak', 'Fwg6Ie9Btg', 'OKZ6uJkfN2', 'lb66JUJdpZ' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, ViwSJLh4wh9R6qppRy.cs | High entropy of concatenated method names: 'S2umvCokE', 'm9ArOXSia', 'f0MG9uu2N', 'KcEFKj6id', 'anq7w4xPt', 'xM0qk18Kr', 'hc8YXusVau9Wgsfqsj', 'DAm3GTlukwKtbhUXlV', 'Ib78cOfZs', 'kwSHgLYEY' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, chdK2lBdt6DGDO5QTm.cs | High entropy of concatenated method names: 'K9w9EIUNrG', 'UT497XJXTv', 'Cos9AZP79r', 'zEO9y2VRH8', 'VR491kVxZo', 'MxP9jEDgRh', 'JZ49RJb4ZB', 'mbZ9OxutXJ', 'eVI9TpH1uN', 'L8p9wP02wJ' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, v8pBoexsCTZvPac9Dh.cs | High entropy of concatenated method names: 'K4KfZ16tlnaUXk1anGf', 'PiOQYy6rwKbANDY1B0X', 'CJG28Kf0cF', 'Xtd2kFooUs', 'hm12HZ7N2h', 'GAywel6cMBjBr96RWlb', 'ThGE7E615VW6UCRvgte' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, HQEor7JLsfuGa3kcR3.cs | High entropy of concatenated method names: 'UhwWIXj5du', 'X4HWuA9fuv', 'VnsWJOICbT', 'CmYWLENhqB', 'kGKW0T3OW6', 'ls7WpxxWtO', 'PkGWvVZMnA', 'rqWWnyD861', 'XcHWVQOww3', 'wQFWUSsQQ6' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, jwNYgSRoli37F24KtC.cs | High entropy of concatenated method names: 'j212lhngkQ', 'EHE2WwODOx', 'InZ2ddVRGg', 'RYi2av9Z8W', 'O8623ICab1', 'JDwd0hZvLW', 'lPodprtlcZ', 'ApTdvoKcY3', 'lqudnSVKEm', 'A4RdV8fi5x' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, LMYQkWtvFG9jRIfNKLA.cs | High entropy of concatenated method names: 'RkikCLVCQ2', 'vTrkSerbEa', 'tWUkmNwoRQ', 'ExXkrVZV67', 'bWikiekJKi', 'Rk6kGevApE', 'OOZkFAIXp8', 'zDtkEV2mAC', 'sjfk7gyQEU', 'ltPkqmikpy' |
Source: 0.2.New order.bat.exe.41df328.2.raw.unpack, xagmt3ZZEPbDShpFjP.cs | High entropy of concatenated method names: 'HWQ2sr7TFl', 'CPf2CL3q1D', 'zjO2mxZYNU', 'JLc2rWQ2nm', 'pHS2GDB7cb', 'vY32FVZi1N', 'KGh27HvUWK', 'SdY2qxvTk2', 'Bw4uUH6NgMadeWgYS8h', 'nHAEa56CIjh9mONdJAl' |
Source: 0.2.New order.bat.exe.7730000.8.raw.unpack, ybbGOTR1N80dNbk6Yv.cs | High entropy of concatenated method names: 'obcHojbACJ', 'YnKHTkWS94', 'V3UHNmonbN', 'AuPHVudqss', 'SJBHWK3PRm', 'wkNHA4K7Me', 'L35Hyg9bdX', 'n89HDZAL4k', 'OepHGjo5FD', 'MoeHJmlv16' |
Source: 0.2.New order.bat.exe.7730000.8.raw.unpack, LinkedList.cs | High entropy of concatenated method names: 'mn8lVDqlu', 'Uxue7aya3', 'KsFMnxhPk', 'ruSPXGSHZ', 'tdQBaRbij', 'ApGpyUtBu', 'Bm5j1f22p4rvC7Eu0G', 'yNLEN1RWrWr7H8C9D4', 'Dispose', 'MoveNext' |
Source: 0.2.New order.bat.exe.7730000.8.raw.unpack, Architectural.cs | High entropy of concatenated method names: 'Sort', 'Sort', 'u3bDyB9EB', 'jnVG6G0sx', 'NAaJ4PRFw', 'RestoreOriginalBitmap', 'Justy', 'mtp2IE8Nv', 'BfZIR9eYv', 'LowestBreakIteration' |
Source: 0.2.New order.bat.exe.7730000.8.raw.unpack, MainForm.cs | High entropy of concatenated method names: 'QEHEJ0ZEc', 'xWtkSmxXM', 'uUSoOZRtA', 'Dispose', 'yeRTIpRwj', 'r1YXj5fPVZm4y3Ug3f', 'K4LEmEBCcbAGHf4JhV', 'V6KVEyrTgoasGeD8Zb', 'ymWMMfbpAnyZ7dSZbA', 'IhZliPvmPYrV1280b1' |
Source: 0.2.New order.bat.exe.7730000.8.raw.unpack, wlMuNfYU9ETTr7SmU1.cs | High entropy of concatenated method names: 'vB7dgYlwIB5e4GotdD', 'h1qusDERcT8AOZTJmN', 'O9t3jXtovErCbWCOlE', 'QkAH1cPp6G', 'RgtTUJcyZL', 's7mHwaN5MT', 'n3AHmM6wxu', 'TUlH3q3EyS', 'XPxHXcdE1G', 'gX3mZCcRjff06' |
Source: 0.2.New order.bat.exe.2df20f0.0.raw.unpack, fJ.cs | High entropy of concatenated method names: 'Jj1', 'MjV', 'VmD', 'OjP', 'AjI', 'sj9', 'jjb', 'yjh', 'RgtTUJcyZL', 'Vmf' |
Source: 0.2.New order.bat.exe.7770000.10.raw.unpack, fJ.cs | High entropy of concatenated method names: 'Jj1', 'MjV', 'VmD', 'OjP', 'AjI', 'sj9', 'jjb', 'yjh', 'RgtTUJcyZL', 'Vmf' |
Source: C:\Users\user\Desktop\New order.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 7452 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7720 | Thread sleep count: 4181 > 30 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7720 | Thread sleep count: 249 > 30 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7916 | Thread sleep time: -1844674407370954s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7848 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7920 | Thread sleep time: -2767011611056431s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7872 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -26747778906878833s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -100000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99890s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8100 | Thread sleep count: 3050 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8100 | Thread sleep count: 6770 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99781s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99671s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99562s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99453s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99343s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99234s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99125s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -99015s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98906s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98796s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98687s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98578s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98468s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98353s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98250s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98140s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -98031s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1200000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199889s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199782s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199657s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199547s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199438s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199313s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199188s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1199063s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198938s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198827s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198719s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198594s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198484s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198376s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198251s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198126s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1198001s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197876s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197751s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197626s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197501s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197376s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197251s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197126s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1197001s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1196876s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1196751s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1196626s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1196501s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe TID: 8092 | Thread sleep time: -1196376s >= -30000s | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 8004 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -23980767295822402s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -100000s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7628 | Thread sleep count: 8908 > 30 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99875s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7628 | Thread sleep count: 949 > 30 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99765s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99656s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99546s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99437s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99325s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99218s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99109s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -99000s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98890s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98777s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98671s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98562s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98453s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -98343s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199937s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199828s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199718s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199609s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199499s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199390s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199281s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199171s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1199060s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198953s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198843s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198734s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198624s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198515s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198406s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198296s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198187s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1198078s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197968s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197859s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197749s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197640s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197531s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197421s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197312s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197202s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1197093s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196983s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196874s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196765s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196655s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196546s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196437s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe TID: 7624 | Thread sleep time: -1196327s >= -30000s | |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99890 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99781 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99671 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99562 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99453 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99343 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99234 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99125 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 99015 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98906 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98796 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98687 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98578 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98468 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98353 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98250 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98140 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 98031 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1200000 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199889 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199782 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199657 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199547 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199438 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199313 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199188 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1199063 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198938 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198827 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198719 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198594 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198484 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198376 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198251 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198126 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1198001 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197876 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197751 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197626 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197501 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197376 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197251 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197126 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1197001 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1196876 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1196751 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1196626 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1196501 | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Thread delayed: delay time: 1196376 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 922337203685477 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 100000 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99875 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99765 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99656 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99546 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99437 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99325 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99218 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99109 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 99000 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98890 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98777 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98671 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98562 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98453 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 98343 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199937 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199828 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199718 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199609 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199499 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199390 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199281 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199171 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1199060 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198953 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198843 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198734 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198624 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198515 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198406 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198296 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198187 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1198078 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197968 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197859 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197749 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197640 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197531 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197421 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197312 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197202 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1197093 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196983 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196874 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196765 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196655 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196546 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196437 | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Thread delayed: delay time: 1196327 | |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Users\user\Desktop\New order.bat.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Users\user\Desktop\New order.bat.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\New order.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\ydjgrBUVZiNXwd.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | |