Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, MloHQwkcuuGEq48YUl.cs | High entropy of concatenated method names: 'eKRH5TWny1', 'eoPHVluFjH', 'yc0HwF2UeV', 'QTvH24XJYK', 'YaMHclDKg4', 'iMxHuQP1Hi', 'stTHYoZ34b', 'B24eaGt5Fk', 'h3HeCdQcSY', 'iB5eTPYDDb' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, fr7i6S82ktYg9kO0fV.cs | High entropy of concatenated method names: 'JQEtiX2t1B', 'kMdtQcaKwt', 'Hmwt74ifrT', 'MuJt4E8bmH', 'L2jtG0a6AZ', 'QwDtyL3h7Y', 'eXvtKNCnMM', 'vBythMvNZ7', 'LZTt1eojSK', 'hv7tZCyj7Q' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, u6WYON7Rjk1oUM8MMf.cs | High entropy of concatenated method names: 'ic8YNVxoxK', 'Wv9YcYaMCa', 'cTcYu639fC', 'XyoYUgsgLQ', 'bqZYBDfU1h', 'Y8eupjMwTV', 'EiQuMWHv3M', 'E8puauIM2a', 'W0uuCXZe1s', 'u3KuTVtZit' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, Fd9yQeoeiOv5Dt9gWQ.cs | High entropy of concatenated method names: 'fg2LYbru5', 'gF70ANBat', 'xStrwlCSR', 'ImOSdiVqe', 'CxFQRp2Fr', 'LUAnd244K', 't6ANZyliwxOkyFUUl5', 'Ml0KsWqc3pSIH8HSyM', 'tTUejyX28', 'E5qdnyeFF' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, YXiiuOxAKasYai0Yfh.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'el4oTcNN4W', 'IIJoktYhvr', 'lsvozsKi0T', 'scqVbvyJ8u', 'VX5V50sLRw', 'mWQVo1UyZK', 'pxyVVP7DuA', 'xIrZnwvs4VR1rk6bDKe' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, yfWLmWChqM2VoJBM7i.cs | High entropy of concatenated method names: 'EfSe2JkCZl', 'pmuecNe4fM', 'nBAexwEqj7', 'CS9eu61sOZ', 'kBqeYf00la', 'yc9eUFR7VS', 'wkneBJSlsJ', 'yH3elQ2woi', 'uFSeqUdKQT', 'B2EevoKqFe' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, L2yp78cNCJEd1qgClW.cs | High entropy of concatenated method names: 'Dispose', 'edi5TUnnBi', 'HYEo4u5hZZ', 'wUmGG2Z2Qy', 'nWf5kWLmWh', 'mM25zVoJBM', 'ProcessDialogKey', 'GiaobADkLn', 'Jnko5ZLCrP', 'ubaooJloHQ' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, GJ6QKIj1AxLaYITfnJ.cs | High entropy of concatenated method names: 'ToString', 'fJtIZe4CWD', 'RcDI4lo9Du', 'BXkI6GTudb', 'en8IGuWjvt', 'C9EIypYSDa', 'HkcIE6qnrj', 'HNJIKfWrS1', 'h9NIh8DXvY', 'c7eIJfhrAV' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, HLjwiK5bnFvfLQvsWZD.cs | High entropy of concatenated method names: 'CPkHPFQR66', 'FVrHWnopBP', 'TfFHLJkpa9', 'O1DH0nDHAd', 'WZBH9GY0dh', 'EOdHrmwI1F', 'HHtHSNuNJ9', 'd7VHinnoA7', 'S0LHQN694g', 'ADnHnvsa2h' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, VJx1r7we1naoFXJEaP.cs | High entropy of concatenated method names: 'uk85USDPtS', 't7E5BQFWww', 'J365qLDuBQ', 'bpd5v3Wjjy', 'Hdk5RRiX6W', 'iON5IRjk1o', 'WxVBMJSrWnQhNXD3si', 'ND7Vuk4nQmpISFOqfn', 'O9E55QKeAH', 'LYO5VHc5WI' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, LegeNyQ36LDuBQopd3.cs | High entropy of concatenated method names: 'j24x0j9GJM', 'OPrxrIadUw', 'NcnxiyGRSx', 'yBGxQOLvsj', 'SoSxR6vlum', 'wVJxI0y219', 'XEUxgBV2yF', 'AbxxecwH64', 'tdOxHtNNGd', 'JTjxdO3yIE' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, PSDPtSis7EQFWwwqQ3.cs | High entropy of concatenated method names: 'ib0cOlnODx', 'bcQcAyUuyb', 'f2WcjZtV5t', 'B8scmTbpSE', 'x1LcpHvHBJ', 'A7qcMS8uvh', 'gn8cayrLUM', 'wy2cCstZci', 'V0BcTuUBoB', 'xirck0o7Hd' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, br2h2dJfNhq3MaqGEQ.cs | High entropy of concatenated method names: 'NMhUP8GG5r', 'Q8MUW81xRe', 'HqQULOckZD', 'qFVU09NEXI', 'JNgU9kjgVB', 'pSQUrxa6ga', 'zd2USuaPjp', 'nhdUixw0aD', 'AqYUQhNl3T', 'zoDUnLZuV2' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, LcF2VmMxiT5i34INMF.cs | High entropy of concatenated method names: 'vqvgCBc85I', 'RMEgkGmE78', 'uEgebICQOP', 'nofe5C64Qd', 'wlggZvfauC', 'zxQg3O4OD3', 'tSIg8rphmU', 'jP5gOxrVpB', 'wm0gA5Cen4', 'rhigjZti3o' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, HWgdVbGggWxKIAmaY4.cs | High entropy of concatenated method names: 'GWgYDO8vQ7', 'HNlYP5AA9V', 'IF2YLPaE00', 'mxpY0mCNwv', 'uBAYrbSZqq', 'xnGYSWVOuX', 'OScYQ1TTae', 'komYnFOkn8', 'C4jeZMbAL7xwrBY0dBn', 'VXFcVfbPVitPKxD3Qau' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, d1b8ed5V3Rl4g31Q6Ak.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uLAdOYvuLF', 'ClUdAJ6KCY', 'FwWdj7iZqA', 'x9JdmpUrXs', 'HcUdpNV55g', 'YrldMWZteh', 'gQedaRpOx0' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, yjjy0XnS55NCw4dkRi.cs | High entropy of concatenated method names: 'Lu7u9vnhyR', 'F1vuSV6mi6', 'USJx6gcxiY', 'pEgxG9nG8Y', 'Jhuxy5ggx9', 'Sn9xEXiegO', 'YUCxKflNxY', 'vvYxhPNmQ4', 'HjTxJRrIJb', 'beVx1avM5S' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, hqrfKgO4QyJg7McqEO.cs | High entropy of concatenated method names: 'KljR11rLNx', 'OE8R3nPG75', 'TVrRO48o9N', 'ygpRAqdbmm', 'BDxR4G8xRp', 'ns0R6b29cx', 'ABWRGpsOhG', 'qWmRy89jxy', 'L9QRET6sVV', 'rQQRKsPPjv' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, r2w9VizWu7Ve89ZmkJ.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P5KHt2aKVw', 'zxdHREoLOm', 'paiHI28iOq', 'VFRHgKjUHT', 'tYXHecIQw4', 'crjHH70Qvm', 'ueUHdvbG3j' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, WADkLnTynkZLCrPXba.cs | High entropy of concatenated method names: 'Jq3e7jDJ8x', 'cIse4NsN0o', 'UX7e6CFXHV', 'ttreG0HqQO', 'LOqeOwMW4s', 'lNceybqaBv', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, ow7Wt6moiXauGdJDs5.cs | High entropy of concatenated method names: 'MlHgqvtl7C', 'ADugvrpCZH', 'ToString', 'K2Ag2UtfYw', 'QQUgcOGN4J', 'DPUgxl4SOU', 'w9EguerP37', 'aimgY40lU9', 'PSLgULoIw1', 'kc5gBhFROc' |
Source: 0.2.DSR -AIROLAM - 2024.exe.6fa0000.15.raw.unpack, QBZjOwBnoUqxbyId5q.cs | High entropy of concatenated method names: 'iQcVN3xW6y', 'EvgV2Jq5Qc', 'JmuVc6IywY', 'b3YVxc1sie', 'Sb6Vu4VfeI', 'cZSVYe8elN', 'F72VUPFxNB', 'IMGVBIcBCs', 'lwpVl9xBe7', 'DuQVqd0uGY' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, MloHQwkcuuGEq48YUl.cs | High entropy of concatenated method names: 'eKRH5TWny1', 'eoPHVluFjH', 'yc0HwF2UeV', 'QTvH24XJYK', 'YaMHclDKg4', 'iMxHuQP1Hi', 'stTHYoZ34b', 'B24eaGt5Fk', 'h3HeCdQcSY', 'iB5eTPYDDb' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, fr7i6S82ktYg9kO0fV.cs | High entropy of concatenated method names: 'JQEtiX2t1B', 'kMdtQcaKwt', 'Hmwt74ifrT', 'MuJt4E8bmH', 'L2jtG0a6AZ', 'QwDtyL3h7Y', 'eXvtKNCnMM', 'vBythMvNZ7', 'LZTt1eojSK', 'hv7tZCyj7Q' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, u6WYON7Rjk1oUM8MMf.cs | High entropy of concatenated method names: 'ic8YNVxoxK', 'Wv9YcYaMCa', 'cTcYu639fC', 'XyoYUgsgLQ', 'bqZYBDfU1h', 'Y8eupjMwTV', 'EiQuMWHv3M', 'E8puauIM2a', 'W0uuCXZe1s', 'u3KuTVtZit' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, Fd9yQeoeiOv5Dt9gWQ.cs | High entropy of concatenated method names: 'fg2LYbru5', 'gF70ANBat', 'xStrwlCSR', 'ImOSdiVqe', 'CxFQRp2Fr', 'LUAnd244K', 't6ANZyliwxOkyFUUl5', 'Ml0KsWqc3pSIH8HSyM', 'tTUejyX28', 'E5qdnyeFF' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, YXiiuOxAKasYai0Yfh.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'el4oTcNN4W', 'IIJoktYhvr', 'lsvozsKi0T', 'scqVbvyJ8u', 'VX5V50sLRw', 'mWQVo1UyZK', 'pxyVVP7DuA', 'xIrZnwvs4VR1rk6bDKe' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, yfWLmWChqM2VoJBM7i.cs | High entropy of concatenated method names: 'EfSe2JkCZl', 'pmuecNe4fM', 'nBAexwEqj7', 'CS9eu61sOZ', 'kBqeYf00la', 'yc9eUFR7VS', 'wkneBJSlsJ', 'yH3elQ2woi', 'uFSeqUdKQT', 'B2EevoKqFe' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, L2yp78cNCJEd1qgClW.cs | High entropy of concatenated method names: 'Dispose', 'edi5TUnnBi', 'HYEo4u5hZZ', 'wUmGG2Z2Qy', 'nWf5kWLmWh', 'mM25zVoJBM', 'ProcessDialogKey', 'GiaobADkLn', 'Jnko5ZLCrP', 'ubaooJloHQ' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, GJ6QKIj1AxLaYITfnJ.cs | High entropy of concatenated method names: 'ToString', 'fJtIZe4CWD', 'RcDI4lo9Du', 'BXkI6GTudb', 'en8IGuWjvt', 'C9EIypYSDa', 'HkcIE6qnrj', 'HNJIKfWrS1', 'h9NIh8DXvY', 'c7eIJfhrAV' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, HLjwiK5bnFvfLQvsWZD.cs | High entropy of concatenated method names: 'CPkHPFQR66', 'FVrHWnopBP', 'TfFHLJkpa9', 'O1DH0nDHAd', 'WZBH9GY0dh', 'EOdHrmwI1F', 'HHtHSNuNJ9', 'd7VHinnoA7', 'S0LHQN694g', 'ADnHnvsa2h' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, VJx1r7we1naoFXJEaP.cs | High entropy of concatenated method names: 'uk85USDPtS', 't7E5BQFWww', 'J365qLDuBQ', 'bpd5v3Wjjy', 'Hdk5RRiX6W', 'iON5IRjk1o', 'WxVBMJSrWnQhNXD3si', 'ND7Vuk4nQmpISFOqfn', 'O9E55QKeAH', 'LYO5VHc5WI' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, LegeNyQ36LDuBQopd3.cs | High entropy of concatenated method names: 'j24x0j9GJM', 'OPrxrIadUw', 'NcnxiyGRSx', 'yBGxQOLvsj', 'SoSxR6vlum', 'wVJxI0y219', 'XEUxgBV2yF', 'AbxxecwH64', 'tdOxHtNNGd', 'JTjxdO3yIE' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, PSDPtSis7EQFWwwqQ3.cs | High entropy of concatenated method names: 'ib0cOlnODx', 'bcQcAyUuyb', 'f2WcjZtV5t', 'B8scmTbpSE', 'x1LcpHvHBJ', 'A7qcMS8uvh', 'gn8cayrLUM', 'wy2cCstZci', 'V0BcTuUBoB', 'xirck0o7Hd' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, br2h2dJfNhq3MaqGEQ.cs | High entropy of concatenated method names: 'NMhUP8GG5r', 'Q8MUW81xRe', 'HqQULOckZD', 'qFVU09NEXI', 'JNgU9kjgVB', 'pSQUrxa6ga', 'zd2USuaPjp', 'nhdUixw0aD', 'AqYUQhNl3T', 'zoDUnLZuV2' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, LcF2VmMxiT5i34INMF.cs | High entropy of concatenated method names: 'vqvgCBc85I', 'RMEgkGmE78', 'uEgebICQOP', 'nofe5C64Qd', 'wlggZvfauC', 'zxQg3O4OD3', 'tSIg8rphmU', 'jP5gOxrVpB', 'wm0gA5Cen4', 'rhigjZti3o' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, HWgdVbGggWxKIAmaY4.cs | High entropy of concatenated method names: 'GWgYDO8vQ7', 'HNlYP5AA9V', 'IF2YLPaE00', 'mxpY0mCNwv', 'uBAYrbSZqq', 'xnGYSWVOuX', 'OScYQ1TTae', 'komYnFOkn8', 'C4jeZMbAL7xwrBY0dBn', 'VXFcVfbPVitPKxD3Qau' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, d1b8ed5V3Rl4g31Q6Ak.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uLAdOYvuLF', 'ClUdAJ6KCY', 'FwWdj7iZqA', 'x9JdmpUrXs', 'HcUdpNV55g', 'YrldMWZteh', 'gQedaRpOx0' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, yjjy0XnS55NCw4dkRi.cs | High entropy of concatenated method names: 'Lu7u9vnhyR', 'F1vuSV6mi6', 'USJx6gcxiY', 'pEgxG9nG8Y', 'Jhuxy5ggx9', 'Sn9xEXiegO', 'YUCxKflNxY', 'vvYxhPNmQ4', 'HjTxJRrIJb', 'beVx1avM5S' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, hqrfKgO4QyJg7McqEO.cs | High entropy of concatenated method names: 'KljR11rLNx', 'OE8R3nPG75', 'TVrRO48o9N', 'ygpRAqdbmm', 'BDxR4G8xRp', 'ns0R6b29cx', 'ABWRGpsOhG', 'qWmRy89jxy', 'L9QRET6sVV', 'rQQRKsPPjv' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, r2w9VizWu7Ve89ZmkJ.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P5KHt2aKVw', 'zxdHREoLOm', 'paiHI28iOq', 'VFRHgKjUHT', 'tYXHecIQw4', 'crjHH70Qvm', 'ueUHdvbG3j' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, WADkLnTynkZLCrPXba.cs | High entropy of concatenated method names: 'Jq3e7jDJ8x', 'cIse4NsN0o', 'UX7e6CFXHV', 'ttreG0HqQO', 'LOqeOwMW4s', 'lNceybqaBv', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, ow7Wt6moiXauGdJDs5.cs | High entropy of concatenated method names: 'MlHgqvtl7C', 'ADugvrpCZH', 'ToString', 'K2Ag2UtfYw', 'QQUgcOGN4J', 'DPUgxl4SOU', 'w9EguerP37', 'aimgY40lU9', 'PSLgULoIw1', 'kc5gBhFROc' |
Source: 0.2.DSR -AIROLAM - 2024.exe.3eb9390.11.raw.unpack, QBZjOwBnoUqxbyId5q.cs | High entropy of concatenated method names: 'iQcVN3xW6y', 'EvgV2Jq5Qc', 'JmuVc6IywY', 'b3YVxc1sie', 'Sb6Vu4VfeI', 'cZSVYe8elN', 'F72VUPFxNB', 'IMGVBIcBCs', 'lwpVl9xBe7', 'DuQVqd0uGY' |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99828 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99701 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99593 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99484 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99374 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99265 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99156 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 99047 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98937 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98828 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98718 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98609 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98500 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98390 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98281 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98169 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 98062 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97953 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97843 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97734 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97624 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97514 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97396 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97279 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 97172 | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DSR -AIROLAM - 2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |