Source: RegSvcs.exe, 00000006.00000002.1660652423.000000000330C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2846301055.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.satsllc.ae |
Source: RegSvcs.exe, 0000000B.00000002.2846301055.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2844946107.00000000011FF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2851809223.0000000006120000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: RegSvcs.exe, 0000000B.00000002.2846301055.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2844946107.00000000011FF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2851809223.0000000006120000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: proforma invoice.exe, 00000000.00000002.1648916098.0000000002A35000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.1660652423.0000000003291000.00000004.00000800.00020000.00000000.sdmp, zsHSBdyxHEzyp.exe, 00000007.00000002.1679553238.0000000002882000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2846301055.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: RegSvcs.exe, 00000006.00000002.1667152120.0000000006588000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft. |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: proforma invoice.exe, 00000000.00000002.1653277289.0000000006DB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: RegSvcs.exe, 0000000B.00000002.2846301055.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2844946107.00000000011FF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2851809223.0000000006120000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegSvcs.exe, 0000000B.00000002.2846301055.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2844946107.00000000011FF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2851809223.0000000006120000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: proforma invoice.exe, 00000000.00000002.1650823148.0000000003CB2000.00000004.00000800.00020000.00000000.sdmp, proforma invoice.exe, 00000000.00000002.1650823148.00000000045D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.1658754074.0000000000402000.00000040.00000400.00020000.00000000.sdmp, zsHSBdyxHEzyp.exe, 00000007.00000002.1682669730.0000000003B53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/ |
Source: proforma invoice.exe, 00000000.00000002.1650823148.0000000003CB2000.00000004.00000800.00020000.00000000.sdmp, proforma invoice.exe, 00000000.00000002.1650823148.00000000045D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.1660652423.0000000003291000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.1658754074.0000000000402000.00000040.00000400.00020000.00000000.sdmp, zsHSBdyxHEzyp.exe, 00000007.00000002.1682669730.0000000003B53000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2846301055.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org |
Source: RegSvcs.exe, 00000006.00000002.1660652423.0000000003291000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2846301055.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/ |
Source: RegSvcs.exe, 00000006.00000002.1660652423.0000000003291000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000B.00000002.2846301055.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_028383A0 | 0_2_028383A0 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02837318 | 0_2_02837318 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_028386C8 | 0_2_028386C8 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02838441 | 0_2_02838441 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02836FD8 | 0_2_02836FD8 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02837306 | 0_2_02837306 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02837352 | 0_2_02837352 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_02837806 | 0_2_02837806 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_04EABCD0 | 0_2_04EABCD0 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_04EA0424 | 0_2_04EA0424 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_04EA2FF0 | 0_2_04EA2FF0 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_04EA3000 | 0_2_04EA3000 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_04EABCC9 | 0_2_04EABCC9 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BBB658 | 0_2_05BBB658 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BBB648 | 0_2_05BBB648 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF7607 | 0_2_05BF7607 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF61C0 | 0_2_05BF61C0 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF85BF | 0_2_05BF85BF |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BFF598 | 0_2_05BFF598 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF8338 | 0_2_05BF8338 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF8328 | 0_2_05BF8328 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_05BF6368 | 0_2_05BF6368 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C2E78 | 0_2_072C2E78 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C2AC1 | 0_2_072C2AC1 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C6970 | 0_2_072C6970 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C9578 | 0_2_072C9578 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C955E | 0_2_072C955E |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072CB480 | 0_2_072CB480 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072CB490 | 0_2_072CB490 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C2149 | 0_2_072C2149 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072CBF00 | 0_2_072CBF00 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C2E68 | 0_2_072C2E68 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C9DE8 | 0_2_072C9DE8 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C1B48 | 0_2_072C1B48 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C1B58 | 0_2_072C1B58 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C6961 | 0_2_072C6961 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Code function: 0_2_072C99B0 | 0_2_072C99B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0170AA40 | 6_2_0170AA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_01704AB8 | 6_2_01704AB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_01703EA0 | 6_2_01703EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_017041E8 | 6_2_017041E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06D2B266 | 6_2_06D2B266 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06D23030 | 6_2_06D23030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06D27668 | 6_2_06D27668 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06D20040 | 6_2_06D20040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06D20007 | 6_2_06D20007 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_025383A0 | 7_2_025383A0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02537318 | 7_2_02537318 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_025386C8 | 7_2_025386C8 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02538441 | 7_2_02538441 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02536FD8 | 7_2_02536FD8 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02537352 | 7_2_02537352 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02537306 | 7_2_02537306 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_02537806 | 7_2_02537806 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_04DCBCD0 | 7_2_04DCBCD0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_04DC0424 | 7_2_04DC0424 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_04DC2FF0 | 7_2_04DC2FF0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_04DC3000 | 7_2_04DC3000 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_04DCBCC0 | 7_2_04DCBCC0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05A6B658 | 7_2_05A6B658 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05A6B648 | 7_2_05A6B648 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B17607 | 7_2_05B17607 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B161C0 | 7_2_05B161C0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B185BF | 7_2_05B185BF |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B1F598 | 7_2_05B1F598 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B18338 | 7_2_05B18338 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B18328 | 7_2_05B18328 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_05B16368 | 7_2_05B16368 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C2E78 | 7_2_070C2E78 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C2AC1 | 7_2_070C2AC1 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C6970 | 7_2_070C6970 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C955E | 7_2_070C955E |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C9578 | 7_2_070C9578 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070CB480 | 7_2_070CB480 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070CB490 | 7_2_070CB490 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C2149 | 7_2_070C2149 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070CBF00 | 7_2_070CBF00 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C2E68 | 7_2_070C2E68 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C9DE8 | 7_2_070C9DE8 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C1B48 | 7_2_070C1B48 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C1B58 | 7_2_070C1B58 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C6961 | 7_2_070C6961 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_070C99B0 | 7_2_070C99B0 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_09140638 | 7_2_09140638 |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Code function: 7_2_09141FF8 | 7_2_09141FF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0144E699 | 11_2_0144E699 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0144AAF9 | 11_2_0144AAF9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_01444AB8 | 11_2_01444AB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_01443EA0 | 11_2_01443EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_014441E8 | 11_2_014441E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0686A068 | 11_2_0686A068 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_068865C0 | 11_2_068865C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06885578 | 11_2_06885578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06883030 | 11_2_06883030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0688B1F7 | 11_2_0688B1F7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0688C158 | 11_2_0688C158 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06887D48 | 11_2_06887D48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06887668 | 11_2_06887668 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_0688E368 | 11_2_0688E368 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06880040 | 11_2_06880040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06885CB7 | 11_2_06885CB7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06880007 | 11_2_06880007 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 11_2_06880039 | 11_2_06880039 |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: 0.2.proforma invoice.exe.7510000.7.raw.unpack, R87QTajabri3WprdxA.cs | High entropy of concatenated method names: 'SoFXXYTXBr', 'VXePqW7LxoGttIrQMM', 'VJKqh4rSy8UE5CPs2d', 'w7T6rNymrPsVe05ZjX', 'Qa5usbZfG', 'UsaN6r2JI', 'Dispose', 'xdE70OV1R', 'WKG8Nh2TLfQX7DMBJq', 'FCyDZoO16YhsTUYx7V' |
Source: 0.2.proforma invoice.exe.7510000.7.raw.unpack, I1Ds3abkUA5mh3kywv.cs | High entropy of concatenated method names: 'I6pnpGMEc', 'pUPSoKeTB', 'w3OonGh86', 'S3aaCOvyF', 'MagvcleIh', 'hvmph4XfL', 'eXtqEM8mO', 'RC38AH4Bb', 'hyVW2X9uL', 'AbHynsT40' |
Source: 0.2.proforma invoice.exe.7510000.7.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs | High entropy of concatenated method names: 'sRJJ4PC1lt6MgSX9oLN', 'qCuPUJCYMdGJYrcKdqj', 'T9OMNMJAsS', 'KH71sVC96gudd8OjhqS', 'qSoaq8CnboJYXbPCm1H', 'XtbiVDCeUWVlZdG2V08', 'D2TFRiCIaLSytg31rTE', 'MtxGm4CM57HGXUKQMIN', 'RgtTUJcyZL', 'eFmMT9Tlnp' |
Source: 0.2.proforma invoice.exe.7510000.7.raw.unpack, QEHxtuXFnnkJABhbAo.cs | High entropy of concatenated method names: 'Geosg7Hdn', 'wwIBOnTmd', 'siWV4YECO', 'k32FNitut', 'cUAG5mh3k', 'JwvHwu9Dw', 'cr1hyajqeLqaQ4F9dK', 'Pgut89mcfAIn6Hs5oN', 'Dispose', 'MoveNext' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, VmwKWuvHd119ZA3Iwg.cs | High entropy of concatenated method names: 'DcMIAYR1Kg', 'eboI6ZHItP', 'MIIIWglWOi', 'Da6IrDCknt', 'menILtVE6l', 'GvVIPdLn4w', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, k7gOXFjgXmdTLwyYUN.cs | High entropy of concatenated method names: 'KnJCLoqNkB', 'h0jCK4PPgF', 'JwrCZqIvd2', 'UfPCp0EtsT', 'jvoCOvjybM', 'q4iC5FD56u', 'AT3C2xXKKS', 'wW4CtfnagO', 'V3uCvjJuLV', 'OYaCYysUdU' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, SW4a7KzElOcYfWY2Q6.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PgMinIXO5u', 'VoRiV1JAkS', 'edRiTju72v', 'GJxiyXdIUP', 'niOiIY9K00', 'lyeiivneMD', 'upfiJd3HIQ' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, L6ZjOO5Q0xpPG041Jc.cs | High entropy of concatenated method names: 'eQKytOG5og', 'kUZyY98ZE7', 'CW2IDMH86x', 'kdyIFDLA9P', 'sQKyEgP4eM', 'u43yB6la9W', 'sSTyHFvKtk', 'A3GyLyJlXX', 'l0cyKZGrcE', 'NgJyZvWr1u' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, cUK9qwwkuTra35HK67.cs | High entropy of concatenated method names: 'mNQxgwOIkQ', 'NgdxNvhLgp', 'vH6xuidcbq', 'oCgxcMLQ8Z', 'ycvxUOv6ff', 'MUfxeeL4of', 'LQIxlruP8p', 'V7Lxj1j600', 'qMexkxcSWm', 'T8rxb2XQXp' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, RymMF53hPIv8jZ2UoQ.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'dBcQvgS9P5', 'hpRQY7uw4o', 'PArQziQEYW', 'h8bmD0thnB', 'NHtmFjUUR0', 'ylRmQrSe8m', 'sBvmmyc0en', 'Anf4OujIX18mpMOksDs' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, FcZM6qtY1r2dbhug8E.cs | High entropy of concatenated method names: 'MjkIXC2tLc', 'GHLICJQfsF', 'F7WI3xD3ib', 'BPLI1xIacd', 'QPoISGy1sU', 'ofXIxfJVE8', 'Oi0I4c3RgV', 'D7EIGeitdy', 'WopIay3uDj', 'jqjIM8Utrf' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, X8PVWqAxlplXlIxPLX.cs | High entropy of concatenated method names: 'CK2SdxZ4sS', 'HTlSCP4gkU', 'X0QS1gs1Ff', 'fDSSxwLHYH', 'JtpS4nZvBq', 'ubM1OIhdAH', 'q1P153Pi02', 'WXd12ks02j', 'TGk1tc2CNJ', 'mOd1vHsqPl' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, iVnOm6H2m1Imsyrxag.cs | High entropy of concatenated method names: 'Ml2njCgXpl', 'QnnnkP2EHl', 'OxtnA0V9Ze', 'E6ln60aB1H', 'O9Unr6d2wA', 'BXgnPMxwyV', 'sf4nhj5Lmx', 'CpAnffRF4p', 'd1Bn7j3SlV', 'b1inE8H07I' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, SoVRqgouxFV0uU8JAr.cs | High entropy of concatenated method names: 'o54Fx7gOXF', 'yXmF4dTLwy', 'LM1FaUjujE', 'NGsFMo0TX9', 'iEdFVwdv8P', 'oWqFTxlplX', 'B5NWgj5Qgv3ikDR30R', 'cpYpmZRmChsGhvs38H', 'kPL2YuXynM6oDM6iJ9', 'jjSFFQSoOD' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, A5ihqyQa5BJ6Lk9Ejj.cs | High entropy of concatenated method names: 'VC7uvJB9Q', 'bH4coRA4J', 'qhie8oSlG', 'Yt3l5IQl2', 'Bujku0IO4', 'B7jbtdi5K', 'bGhMJdeKAPtL7tSI0t', 'SKQOl6QaRTKyc1xNNH', 'qG6IAXyN5', 'O6OJiSg5M' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, EWaS3SFDg9lAKxCh3j7.cs | High entropy of concatenated method names: 'Xhdig9B6he', 'OgHiNiofNY', 'G6aiuCwwbh', 'S5qici1XVD', 'BNPiUIAEPD', 'm5vieFdufH', 'UPIilOal5H', 'rZEij6JChp', 'VnDik2QDZZ', 'ho4ibTpdqb' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, I7f51E4W6BW5boldon.cs | High entropy of concatenated method names: 'ur4mdka9Ba', 'KcimXJrCV8', 'bq6mCFqSUx', 'uUkm3XvGdZ', 'xCvm1LUxx8', 'u9umSOqbMq', 'iGjmxc0t37', 'Gm5m4dDEyJ', 'rTfmGQ6ktY', 'u9pmaIFyF7' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, YTaaRhkM1UjujE7Gso.cs | High entropy of concatenated method names: 'hXC3c9JKg4', 'Toe3e3LAia', 'S6I3jyliT2', 'Hif3k6KOQy', 'V2J3VypNrQ', 'bmg3TeI5RZ', 'JNm3y1xsJZ', 'NOM3IjHBT4', 'wc33iclDoc', 'WLg3JAmxRp' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, bJTYRxhppjLDwbJZ1m.cs | High entropy of concatenated method names: 'BnlxX9OUsi', 'iyHx3Ptw6J', 'UFGxSdum8k', 'k5VSYCWowb', 'EmBSzaqegq', 'WJZxD2HAHk', 'naAxFVp39X', 'fvnxQTMFY1', 'nb4xmn48Yi', 'Pflxojru79' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, JTxclmFmPknCHmOvN4W.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Y6fJLgryEf', 'L6QJKq3glb', 'kxkJZVNPFn', 'ghMJpee9hZ', 'WyPJOyQtRg', 'miwJ5bWoPO', 'J6uJ2vEWMq' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, DrEJdfYX8YdMufEggB.cs | High entropy of concatenated method names: 'fJQiFliT10', 'A7rimodprL', 'rDoioJrALt', 'yDqiXeKvxg', 'xviiCpQC2k', 'TDai1fGQEV', 'WApiSkbuN9', 'LBLI2u7axH', 'fWLItlD7hQ', 'VVxIv07wsE' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, QwBLuJCNfx85cfIVMW.cs | High entropy of concatenated method names: 'Dispose', 'VuBFv7shYg', 'KkjQ6A6RBN', 'sfNrrpg01q', 'gbcFYZM6qY', 'hr2Fzdbhug', 'ProcessDialogKey', 'uE5QDmwKWu', 'Pd1QF19ZA3', 'rwgQQlrEJd' |
Source: 0.2.proforma invoice.exe.7960000.8.raw.unpack, fRhkp3L9uQTgPURHUY.cs | High entropy of concatenated method names: 'NRKV7UF59W', 'YFjVBeKRqd', 'flJVLNK5QK', 'ItIVKt2QTy', 'xfaV6efHso', 't0EVWBiJQV', 'npmVr1lb26', 'oIOVP9eCZN', 'fcAVq8aO9N', 'HiEVhLOuAt' |
Source: 0.2.proforma invoice.exe.2999a64.0.raw.unpack, R87QTajabri3WprdxA.cs | High entropy of concatenated method names: 'SoFXXYTXBr', 'VXePqW7LxoGttIrQMM', 'VJKqh4rSy8UE5CPs2d', 'w7T6rNymrPsVe05ZjX', 'Qa5usbZfG', 'UsaN6r2JI', 'Dispose', 'xdE70OV1R', 'WKG8Nh2TLfQX7DMBJq', 'FCyDZoO16YhsTUYx7V' |
Source: 0.2.proforma invoice.exe.2999a64.0.raw.unpack, I1Ds3abkUA5mh3kywv.cs | High entropy of concatenated method names: 'I6pnpGMEc', 'pUPSoKeTB', 'w3OonGh86', 'S3aaCOvyF', 'MagvcleIh', 'hvmph4XfL', 'eXtqEM8mO', 'RC38AH4Bb', 'hyVW2X9uL', 'AbHynsT40' |
Source: 0.2.proforma invoice.exe.2999a64.0.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs | High entropy of concatenated method names: 'sRJJ4PC1lt6MgSX9oLN', 'qCuPUJCYMdGJYrcKdqj', 'T9OMNMJAsS', 'KH71sVC96gudd8OjhqS', 'qSoaq8CnboJYXbPCm1H', 'XtbiVDCeUWVlZdG2V08', 'D2TFRiCIaLSytg31rTE', 'MtxGm4CM57HGXUKQMIN', 'RgtTUJcyZL', 'eFmMT9Tlnp' |
Source: 0.2.proforma invoice.exe.2999a64.0.raw.unpack, QEHxtuXFnnkJABhbAo.cs | High entropy of concatenated method names: 'Geosg7Hdn', 'wwIBOnTmd', 'siWV4YECO', 'k32FNitut', 'cUAG5mh3k', 'JwvHwu9Dw', 'cr1hyajqeLqaQ4F9dK', 'Pgut89mcfAIn6Hs5oN', 'Dispose', 'MoveNext' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, VmwKWuvHd119ZA3Iwg.cs | High entropy of concatenated method names: 'DcMIAYR1Kg', 'eboI6ZHItP', 'MIIIWglWOi', 'Da6IrDCknt', 'menILtVE6l', 'GvVIPdLn4w', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, k7gOXFjgXmdTLwyYUN.cs | High entropy of concatenated method names: 'KnJCLoqNkB', 'h0jCK4PPgF', 'JwrCZqIvd2', 'UfPCp0EtsT', 'jvoCOvjybM', 'q4iC5FD56u', 'AT3C2xXKKS', 'wW4CtfnagO', 'V3uCvjJuLV', 'OYaCYysUdU' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, SW4a7KzElOcYfWY2Q6.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PgMinIXO5u', 'VoRiV1JAkS', 'edRiTju72v', 'GJxiyXdIUP', 'niOiIY9K00', 'lyeiivneMD', 'upfiJd3HIQ' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, L6ZjOO5Q0xpPG041Jc.cs | High entropy of concatenated method names: 'eQKytOG5og', 'kUZyY98ZE7', 'CW2IDMH86x', 'kdyIFDLA9P', 'sQKyEgP4eM', 'u43yB6la9W', 'sSTyHFvKtk', 'A3GyLyJlXX', 'l0cyKZGrcE', 'NgJyZvWr1u' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, cUK9qwwkuTra35HK67.cs | High entropy of concatenated method names: 'mNQxgwOIkQ', 'NgdxNvhLgp', 'vH6xuidcbq', 'oCgxcMLQ8Z', 'ycvxUOv6ff', 'MUfxeeL4of', 'LQIxlruP8p', 'V7Lxj1j600', 'qMexkxcSWm', 'T8rxb2XQXp' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, RymMF53hPIv8jZ2UoQ.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'dBcQvgS9P5', 'hpRQY7uw4o', 'PArQziQEYW', 'h8bmD0thnB', 'NHtmFjUUR0', 'ylRmQrSe8m', 'sBvmmyc0en', 'Anf4OujIX18mpMOksDs' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, FcZM6qtY1r2dbhug8E.cs | High entropy of concatenated method names: 'MjkIXC2tLc', 'GHLICJQfsF', 'F7WI3xD3ib', 'BPLI1xIacd', 'QPoISGy1sU', 'ofXIxfJVE8', 'Oi0I4c3RgV', 'D7EIGeitdy', 'WopIay3uDj', 'jqjIM8Utrf' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, X8PVWqAxlplXlIxPLX.cs | High entropy of concatenated method names: 'CK2SdxZ4sS', 'HTlSCP4gkU', 'X0QS1gs1Ff', 'fDSSxwLHYH', 'JtpS4nZvBq', 'ubM1OIhdAH', 'q1P153Pi02', 'WXd12ks02j', 'TGk1tc2CNJ', 'mOd1vHsqPl' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, iVnOm6H2m1Imsyrxag.cs | High entropy of concatenated method names: 'Ml2njCgXpl', 'QnnnkP2EHl', 'OxtnA0V9Ze', 'E6ln60aB1H', 'O9Unr6d2wA', 'BXgnPMxwyV', 'sf4nhj5Lmx', 'CpAnffRF4p', 'd1Bn7j3SlV', 'b1inE8H07I' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, SoVRqgouxFV0uU8JAr.cs | High entropy of concatenated method names: 'o54Fx7gOXF', 'yXmF4dTLwy', 'LM1FaUjujE', 'NGsFMo0TX9', 'iEdFVwdv8P', 'oWqFTxlplX', 'B5NWgj5Qgv3ikDR30R', 'cpYpmZRmChsGhvs38H', 'kPL2YuXynM6oDM6iJ9', 'jjSFFQSoOD' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, A5ihqyQa5BJ6Lk9Ejj.cs | High entropy of concatenated method names: 'VC7uvJB9Q', 'bH4coRA4J', 'qhie8oSlG', 'Yt3l5IQl2', 'Bujku0IO4', 'B7jbtdi5K', 'bGhMJdeKAPtL7tSI0t', 'SKQOl6QaRTKyc1xNNH', 'qG6IAXyN5', 'O6OJiSg5M' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, EWaS3SFDg9lAKxCh3j7.cs | High entropy of concatenated method names: 'Xhdig9B6he', 'OgHiNiofNY', 'G6aiuCwwbh', 'S5qici1XVD', 'BNPiUIAEPD', 'm5vieFdufH', 'UPIilOal5H', 'rZEij6JChp', 'VnDik2QDZZ', 'ho4ibTpdqb' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, I7f51E4W6BW5boldon.cs | High entropy of concatenated method names: 'ur4mdka9Ba', 'KcimXJrCV8', 'bq6mCFqSUx', 'uUkm3XvGdZ', 'xCvm1LUxx8', 'u9umSOqbMq', 'iGjmxc0t37', 'Gm5m4dDEyJ', 'rTfmGQ6ktY', 'u9pmaIFyF7' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, YTaaRhkM1UjujE7Gso.cs | High entropy of concatenated method names: 'hXC3c9JKg4', 'Toe3e3LAia', 'S6I3jyliT2', 'Hif3k6KOQy', 'V2J3VypNrQ', 'bmg3TeI5RZ', 'JNm3y1xsJZ', 'NOM3IjHBT4', 'wc33iclDoc', 'WLg3JAmxRp' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, bJTYRxhppjLDwbJZ1m.cs | High entropy of concatenated method names: 'BnlxX9OUsi', 'iyHx3Ptw6J', 'UFGxSdum8k', 'k5VSYCWowb', 'EmBSzaqegq', 'WJZxD2HAHk', 'naAxFVp39X', 'fvnxQTMFY1', 'nb4xmn48Yi', 'Pflxojru79' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, JTxclmFmPknCHmOvN4W.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Y6fJLgryEf', 'L6QJKq3glb', 'kxkJZVNPFn', 'ghMJpee9hZ', 'WyPJOyQtRg', 'miwJ5bWoPO', 'J6uJ2vEWMq' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, DrEJdfYX8YdMufEggB.cs | High entropy of concatenated method names: 'fJQiFliT10', 'A7rimodprL', 'rDoioJrALt', 'yDqiXeKvxg', 'xviiCpQC2k', 'TDai1fGQEV', 'WApiSkbuN9', 'LBLI2u7axH', 'fWLItlD7hQ', 'VVxIv07wsE' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, QwBLuJCNfx85cfIVMW.cs | High entropy of concatenated method names: 'Dispose', 'VuBFv7shYg', 'KkjQ6A6RBN', 'sfNrrpg01q', 'gbcFYZM6qY', 'hr2Fzdbhug', 'ProcessDialogKey', 'uE5QDmwKWu', 'Pd1QF19ZA3', 'rwgQQlrEJd' |
Source: 0.2.proforma invoice.exe.3d55d30.3.raw.unpack, fRhkp3L9uQTgPURHUY.cs | High entropy of concatenated method names: 'NRKV7UF59W', 'YFjVBeKRqd', 'flJVLNK5QK', 'ItIVKt2QTy', 'xfaV6efHso', 't0EVWBiJQV', 'npmVr1lb26', 'oIOVP9eCZN', 'fcAVq8aO9N', 'HiEVhLOuAt' |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99672 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99563 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99344 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99219 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98999 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98891 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98672 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98560 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99342 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99232 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98988 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98734 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98625 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98515 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98406 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98296 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98187 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97968 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97750 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97638 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97515 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97406 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97296 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97187 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96968 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96750 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96218 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 96000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95780 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95670 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95546 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95218 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 95000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 94890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 94781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 94671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 94562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 94453 | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Users\user\Desktop\proforma invoice.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\proforma invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Queries volume information: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zsHSBdyxHEzyp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |