Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: iconcodecservice.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: iconcodecservice.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: slc.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Section loaded: msasn1.dll |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, MvaOxVN9jNsrBV4BGJ.cs |
High entropy of concatenated method names: 'x7kxapk3Jn', 'BZnxhrR57g', 'XYPxNw8b0N', 'z4PxOe6N3T', 'k6LxDkCuRO', 'cKixfGV1eY', 'HHAxnMMsCn', 'QdcxBWpatD', 'uHuxClNXBX', 'vZmxFKLrhl' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, H3sZAacTXO63I6OW2G.cs |
High entropy of concatenated method names: 'RRiDlKTcyR', 'wvQDJtIRrm', 'oIfOVfaMme', 'cfDOrJOJto', 'WVROwq3iYk', 'AKAO0TnMoA', 'RN1OjwpEgo', 'vTkO8GFcV1', 'zMVOvNfP8t', 'mgnOuZPR8I' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, wsOdZpGBGx7yPAKJXr.cs |
High entropy of concatenated method names: 'VkDey3bT9M', 'XQ7eZ0ae2X', 'yNSqMZLmoA', 'GHJqLFYGAn', 'jLSe2GRLuN', 'CkQe7q0Pev', 'xRgeWqvS5n', 'D60ei6b7Go', 'Um4e9XImpA', 'n90eYpxu4A' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, aFsjiAECnEE985c0os.cs |
High entropy of concatenated method names: 'Uc4np8K4IO', 'NqJnKOXZTe', 'cG9ncbArSK', 'lsUnASaFyA', 'b2gnlqIeLJ', 'LrUnmLryr8', 'MkNnJApKmf', 'E6LnHA3wL7', 'lyOnd2yYut', 'nLGnSImxaa' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, tTjt3Tm47rYGMSbFUR.cs |
High entropy of concatenated method names: 'TZFfagWkVa', 'PnxfN6iOWh', 'M0YfDqmm4x', 'owPfnYYk98', 'jipfBdrXEe', 'UOTD3kLxaj', 'PrWDTK1K1w', 'IxoDEPnuQZ', 'PZlDy5bIGa', 'RI3Dk1Bk8P' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, vZ3XpbXgCtE3FBb8Qs.cs |
High entropy of concatenated method names: 'zignhlB3Ms', 'Qx7nOTVq4D', 'bSonfsqXWk', 'c2nfZQSBvc', 'LCwfzoRcdl', 'i8TnMtJ0kR', 'JhpnLa3qGk', 'Hrwn4ajvkB', 'BR3nxdI3U5', 'HvSnPbOZIB' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, kofpfDqjcPMk7nlupX.cs |
High entropy of concatenated method names: 'XjlcuOi4l', 'OhvAVI7AV', 'Qu3mxIGas', 'PNmJAbYwe', 'r7jdSEg4A', 'LnNShcwue', 'DxbIU90uC6lQlkkpve', 'OErtJ5LPwNbB4Tmr66', 'keLTTCwSZXtKdQTlZP', 'FwmqcKs4P' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, C1QWHnwVQIm5Dj670S.cs |
High entropy of concatenated method names: 'YCgNiEbaIv', 'S6ZN9lMTm9', 'kRINYni8Am', 'Ut4NbPwQA3', 'JfEN3WkGvV', 'USgNTPdNsN', 'PV0NEwoY69', 'IYbNymf36A', 'uGvNkmOVi2', 'DMiNZqe0v0' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, PqE9na55SZNiMgZombN.cs |
High entropy of concatenated method names: 'ToString', 's7koxGsuN8', 'jqhoPBKMKM', 'oJMoaGkM0t', 'Y7yohYw9x3', 'SnioNOQRo4', 'EycoOby4AN', 'dlioD24Fpv', 'ej1F4x2SwlSrkEPyPnj', 'CqcFTe2FLpc3ct9FNI7' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, q9Bf6YzBRrhMk148K3.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fPiU5ogsYg', 'pkyUIsJkdI', 'GxZU1wJitA', 'rpVUeg5PdK', 'KbHUqy9jxS', 'fniUUwmwLl', 'lNwUotvAd1' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, mSEFvYisQAYDHI3YJ3.cs |
High entropy of concatenated method names: 'zQIqQ3biZ6', 'wSsqta8uY5', 'ffCqVcxqqT', 'N5JqrCwBxe', 'XK0qiLDJlJ', 'C4nqwJc08p', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, M3KYsdRwEa2RGpSTJy.cs |
High entropy of concatenated method names: 'CE65Hcgb9D', 'rhg5deRvyD', 'Pd85Qbyy7v', 'zae5tKiM5b', 'DF05rJOWSr', 'XAk5wuEcKI', 'KA85jb6kVN', 'qct587ojuB', 'Uvy5uapfFR', 'mdf52kRHDo' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, a7kAOKWfMFYbxLrCs2.cs |
High entropy of concatenated method names: 'ukwOAkPURm', 'zMGOmuHVGQ', 'Um3OHqNdeF', 'g9bOdug7W4', 'WrpOIMqwtg', 'fucO1WDfjC', 'wLnOex6yA3', 'z2yOq89rmU', 'rnhOUBd3VF', 'oitOo0Wl99' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, TNhOLF5STRb3eeVAmKD.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mXaoijsFpC', 'Ei2o9NmJAu', 'eD2oYY80sG', 'jyWobgFOQD', 'nb6o3WDvYr', 'DNKoTc6MSJ', 'pURoEO9vMw' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, k4RA6Y2DIdFxxs76Gi.cs |
High entropy of concatenated method names: 'sRPULlrYsh', 'cV5UxAFgyV', 'UUdUP3Sq1k', 'vOBUhRckBO', 'YulUNKR8jE', 'YY0UDVipS0', 'W4AUfe6Rc8', 'LU8qE2Bm73', 'B7BqyKwday', 'zo8qkM8RAZ' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, YteQxN595vU84hxiTdT.cs |
High entropy of concatenated method names: 'OwUUpA97f3', 'OdTUKvYMOU', 'vtbUcaewmA', 'gdpUAGjx3i', 'B1pUlQQH1V', 'THkUmZlxLy', 'iE2UJujQEO', 'TnQUHM1jXr', 'zC8Udp1nsR', 'ADCUSRoYMV' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, JoZ5parQoGDSXOB4SU.cs |
High entropy of concatenated method names: 'PLIqhoHOgI', 'b2RqNl56li', 'FjGqOTTI4C', 'EbiqDjCZHn', 'Tq3qfg3aeS', 'ExiqnHXe05', 'eHFqBiiYoq', 'zT3qCJ0oI9', 'sV3qF9sYaX', 'Jddq6rRfxJ' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, XJQ7U6BCc2uQqlKhcl.cs |
High entropy of concatenated method names: 'V67LnNRxxH', 'LrwLBPWwEN', 'BZmLF9knwK', 'MGbL6noAkh', 'H6QLI35SAV', 'eQ4L1KZj70', 'J5KucCFjymCQW1lpcy', 'YWthFVTbeW1dX6J16t', 'jFgLLYaWNI', 'kZrLxOr2Wf' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, jE8HlS3b8r4piKL6Ai.cs |
High entropy of concatenated method names: 'ToString', 'zZq129rDq6', 'Nxe1ttjOFZ', 'Sh61VBFwuR', 'uKl1rV16GR', 'auR1w78W14', 'Qrx105c0Mc', 'HBL1jmmCiy', 'cIk18RnD5r', 'iSe1vruq2l' |
Source: 0.2.4v7myD9mN2OaWZp.exe.88a0000.15.raw.unpack, aJ90VmahFrFnR2a7Gu.cs |
High entropy of concatenated method names: 'Dispose', 'oWSLkwDTsi', 'H7L4t6oDQM', 'vlQGG2rdxn', 'LyoLZL767V', 'sQkLzxgLy4', 'ProcessDialogKey', 'SB84MEKe2R', 'aFN4LbQGoA', 'bNc44jqVl0' |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 5692 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 652 |
Thread sleep time: -5534023222112862s >= -30000s |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3992 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep count: 34 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -31359464925306218s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -100000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 7104 |
Thread sleep count: 4834 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99891s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 7104 |
Thread sleep count: 5019 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99766s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99546s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99417s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99309s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99203s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -99094s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98765s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98437s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98328s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98198s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -98093s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97873s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97766s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97437s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97328s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97219s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -97094s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96845s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96719s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96594s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96484s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96375s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96266s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96156s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -96047s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95937s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95828s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95719s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95594s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95466s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95359s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95250s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -95097s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94969s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94844s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94734s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94625s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94516s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe TID: 6044 |
Thread sleep time: -94406s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 3376 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -22136092888451448s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -100000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 4460 |
Thread sleep count: 2453 > 30 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99760s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 4460 |
Thread sleep count: 5816 > 30 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99203s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -99091s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98766s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98641s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98531s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98388s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98280s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98172s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -98018s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97891s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97781s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97672s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97563s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97197s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -97094s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96969s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96859s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96750s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96641s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96531s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96422s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96188s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -96078s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95969s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95844s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95734s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95625s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95516s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -95406s >= -30000s |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe TID: 5692 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 100000 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99891 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99766 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99656 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99546 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99417 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99309 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99203 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 99094 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98984 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98875 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98765 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98656 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98547 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98437 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98328 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98198 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 98093 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97984 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97873 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97766 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97656 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97547 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97437 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97328 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97219 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 97094 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96984 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96845 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96719 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96594 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96484 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96375 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96266 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96156 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 96047 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95937 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95828 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95719 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95594 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95466 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95359 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95250 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 95097 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94969 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94844 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94734 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94625 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94516 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Thread delayed: delay time: 94406 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 100000 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99875 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99760 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99656 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99547 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99438 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99313 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99203 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 99091 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98984 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98875 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98766 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98641 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98531 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98388 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98280 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98172 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 98018 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97891 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97781 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97672 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97563 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97438 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97313 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97197 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 97094 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96969 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96859 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96750 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96641 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96531 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96422 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96313 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96188 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 96078 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95969 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95844 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95734 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95625 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95516 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 95406 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe VolumeInformation |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\4v7myD9mN2OaWZp.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Users\user\AppData\Roaming\jgHHGmfF.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\jgHHGmfF.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |