Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: wbemcomn.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rasapi32.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rasman.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rtutils.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: secur32.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: vaultcli.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Section loaded: windowscodecs.dll | |
Source: 0.2.file.exe.2b26770.0.raw.unpack, XG.cs | High entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK' |
Source: 0.2.file.exe.2b373e8.2.raw.unpack, XG.cs | High entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK' |
Source: 0.2.file.exe.50b0000.10.raw.unpack, XG.cs | High entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, f852SBeSYTvOJ7Md7P.cs | High entropy of concatenated method names: 'UZa2bcBZvH', 'nLi23ae9i2', 'VmU2jF2dqY', 'Vwd2S8apam', 'em82E70oJg', 'M6b2DNqfg0', 'z36T1bVjOGBwsBYsPs', 'X66YeyGDCGoRNJsPkn', 'CZh22aNlJR', 'GXX2fxLeD7' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, lPb0Iou0WfALMLQZVr.cs | High entropy of concatenated method names: 'OkoJIZZBTdbbDSx5MGU', 'ph6WfgZU0Ql2va7el6x', 'HxaVAdocYM', 'xC6Vkk9wRc', 'UkFV4U9gWx', 'T8o050Zocf3EDgsPhhK', 'UXOSmUZHr7LOJbIWqhv', 'XhSW8EZhZRx042EAEjj' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, WFORltQkjHK1BMEAR5.cs | High entropy of concatenated method names: 'fFQYIfAP5A', 'Q2hYhXrwCh', 't0EMrgcrhj', 'sApMLYVgQ7', 'Mk7MohVkM3', 'FIXMTXiVpP', 'XyCMwrRI3J', 'QkEMBKg5HK', 'D1JMidi83P', 'ah5MvbpF8O' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, ChSORmXXYoSiwD3OqJK.cs | High entropy of concatenated method names: 'ToString', 'caH4f4vChD', 'p1C4xDFA5u', 'UKp4lXRaS4', 'zr841FjnMa', 'uW94XnZHh9', 'lsy4MeXGON', 'CuD4YPRuAn', 'uKFn1ENqt8v2ekQI21X', 'ItmTGWNQXVY3sKCibsS' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, BfidfHrkPEQmjK2Jow.cs | High entropy of concatenated method names: 'rFUMaP40Dy', 'oDcMRXBgOa', 'ORoMFdLOJ4', 'bXyMWpJ4Vf', 'S15MEHdyTL', 'XhbMD88Ov7', 'QC7MqO71XM', 'N9FMAp1HrC', 'BhfMkC6DxL', 'AS8M4J6CbJ' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, c3vhmamPfFGMiVBkNM.cs | High entropy of concatenated method names: 'yKdeFrTC6Q', 'X83eWPc0tu', 'Go6eJuv8rI', 'N3veUGVcrM', 'l4VeLochkP', 'wAleoBMSep', 'YTuewYafbn', 'zGneBnnEIy', 'BHKevpvdZH', 'jeMey62m3v' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, RdPpBrAFXEUN9YAoCg.cs | High entropy of concatenated method names: 'eNCqtJLyBY', 'Ti0q7MekUK', 'gA6A0erkFQ', 'yM5A26lRWL', 'VK2qyjWQkU', 'hYHqmTYPJ9', 'xRZqcggKd6', 'dOlqPmc1P0', 'RvGqKk0O23', 'REEq6HCeAI' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, hyTKiNKj3ae59MDZfH.cs | High entropy of concatenated method names: 'xrwEvjQYgn', 'MAmEmMioUC', 'y0lEPGwinq', 'ucrEKgfKbx', 'EvtEUJpQgt', 'KgPErfKxGL', 'rnrELbIhK9', 'j3IEo1Nc3H', 'VKkETMqRYo', 'yCGEwXWXtl' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, yYK215XjdBVrWuGusZY.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'UyX4PpK3TE', 'dP74KTqNUH', 'rOG46awgqM', 'gWN4QnGAaD', 'kKE4GFAb9M', 'qbh4uQSrrb', 'XHG4dyvAO3' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, KIvr3FX4dEoLptBarip.cs | High entropy of concatenated method names: 'IUIk5EuD2A', 'MyxksKZRSp', 'Lkuk93E91S', 'CRokaKwphI', 'sALkIjNBls', 'Qf7kR8ngfy', 'dZJkhNhYUH', 'nU7kFvgdR2', 'UB1kWcluNM', 'bZkkpKwkX3' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, RP7TtIwmcGsGhL1BvJ.cs | High entropy of concatenated method names: 'i3Ok29lU0t', 'glRkf7crxc', 'ylTkxEsSgM', 'P8ok1T4lZR', 'eGEkX0l7Mp', 'BpfkYJPdg3', 'odfkVJB0vb', 'QIGAdGwcVp', 'g74At6VYFj', 'cWKAOViK6m' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, LRSqrxE5W48gykjrUY.cs | High entropy of concatenated method names: 'vEGXPUMWdF', 'bGQXKhri76', 'HfYX6swUdp', 'fREXQyhUxR', 'rKGXGlPUh3', 'gsiXujXfEX', 'YhdXdawRVS', 'aepXt8q6kK', 'X3cXOcZrox', 'LoiX7YXGVW' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, Sw19x1GPMxD59qfkVf.cs | High entropy of concatenated method names: 'KuOflDZU2N', 'U1vf1r8BNp', 'nlofX1HP43', 'OHjfMAAEED', 'FcLfYMAM3A', 'Q9nfVwrEUp', 'Yhvfb6qkww', 'RK5f3L40O8', 'tcIfCOMpXA', 'r2xfj8WAOv' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, VJ3vXev2gshy2q0NS9.cs | High entropy of concatenated method names: 'OZNb5ZN1b1', 'b4wbs1ymk5', 'xPgb9p5BWe', 'NFfbabRf5N', 'n7gbIpRNZk', 'KyYbRJevHo', 'cxlbhlAjSU', 'x7dbF9SThK', 'JrZbWNOOc0', 'iXObpiLXkB' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, O038cRyLdSA4Ia8Da0.cs | High entropy of concatenated method names: 'jS5A1ihB6x', 'v94AX2axxe', 'L4dAMlmrZI', 'dvPAYmpkFe', 'WxtAVnSGcB', 'jyYAbG4Kgj', 'JiKA3BHvJd', 'o4fAChMe2q', 'BHGAjvGm1J', 'Mh9ASLq5NH' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, x983xKPcmqL0aHLHpb.cs | High entropy of concatenated method names: 'gDZb1wGN9R', 'GL8bMcGyjx', 'E4VbVv1mNt', 'SBXV7kmf2s', 'Q4cVz7lT3V', 'EHlb0NUhZk', 'ibKb2s1Mje', 'GrDbHaUDf4', 'D5Tbfwo1Rt', 'qx0bxSfYHV' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, V2QAVALuSskWCnvIDX.cs | High entropy of concatenated method names: 'oEm9G3kRl', 'n1oaUibpy', 'Y8aRrWSek', 'KaZh56tkX', 'T9rWZkQBw', 'uKNpL3XAQ', 'r4lpYaqps4JIRS4u81', 'UcpqFvQiC9aeHs3fJf', 'DKOAc6joZ', 'KOP4MgUIy' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, VOxiHq1T48cllfNOQp.cs | High entropy of concatenated method names: 'KqyAJY3jS8', 'kh8AU0l8qE', 'n3dArMcD78', 'EsTALVW4t9', 'm9VAPAysMs', 'qBCAodf2Sf', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, JuyX6x38kVcWiP99jX.cs | High entropy of concatenated method names: 'Dispose', 'FnV2O8hKdq', 'IowHUNvfc8', 'pwfZZal7OD', 'LV627getyZ', 'QAl2zMJS3R', 'ProcessDialogKey', 'FajH0YtpXA', 'q0uH2DAHyW', 'PWaHHvF8jn' |
Source: 0.2.file.exe.3eb56e0.7.raw.unpack, FXxWsbB5COoTFyvQNn.cs | High entropy of concatenated method names: 'eSqVl2L2Uw', 'YBlVXsrYnD', 'NQRVY45tq2', 'aOXVbPRsn7', 'bdvV3J00kp', 'tdBYGO0aeP', 'cHTYuvCxaj', 'RuGYdtTlIG', 'PXLYtXQXXe', 'f8FYOFALJD' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, f852SBeSYTvOJ7Md7P.cs | High entropy of concatenated method names: 'UZa2bcBZvH', 'nLi23ae9i2', 'VmU2jF2dqY', 'Vwd2S8apam', 'em82E70oJg', 'M6b2DNqfg0', 'z36T1bVjOGBwsBYsPs', 'X66YeyGDCGoRNJsPkn', 'CZh22aNlJR', 'GXX2fxLeD7' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, lPb0Iou0WfALMLQZVr.cs | High entropy of concatenated method names: 'OkoJIZZBTdbbDSx5MGU', 'ph6WfgZU0Ql2va7el6x', 'HxaVAdocYM', 'xC6Vkk9wRc', 'UkFV4U9gWx', 'T8o050Zocf3EDgsPhhK', 'UXOSmUZHr7LOJbIWqhv', 'XhSW8EZhZRx042EAEjj' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, WFORltQkjHK1BMEAR5.cs | High entropy of concatenated method names: 'fFQYIfAP5A', 'Q2hYhXrwCh', 't0EMrgcrhj', 'sApMLYVgQ7', 'Mk7MohVkM3', 'FIXMTXiVpP', 'XyCMwrRI3J', 'QkEMBKg5HK', 'D1JMidi83P', 'ah5MvbpF8O' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, ChSORmXXYoSiwD3OqJK.cs | High entropy of concatenated method names: 'ToString', 'caH4f4vChD', 'p1C4xDFA5u', 'UKp4lXRaS4', 'zr841FjnMa', 'uW94XnZHh9', 'lsy4MeXGON', 'CuD4YPRuAn', 'uKFn1ENqt8v2ekQI21X', 'ItmTGWNQXVY3sKCibsS' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, BfidfHrkPEQmjK2Jow.cs | High entropy of concatenated method names: 'rFUMaP40Dy', 'oDcMRXBgOa', 'ORoMFdLOJ4', 'bXyMWpJ4Vf', 'S15MEHdyTL', 'XhbMD88Ov7', 'QC7MqO71XM', 'N9FMAp1HrC', 'BhfMkC6DxL', 'AS8M4J6CbJ' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, c3vhmamPfFGMiVBkNM.cs | High entropy of concatenated method names: 'yKdeFrTC6Q', 'X83eWPc0tu', 'Go6eJuv8rI', 'N3veUGVcrM', 'l4VeLochkP', 'wAleoBMSep', 'YTuewYafbn', 'zGneBnnEIy', 'BHKevpvdZH', 'jeMey62m3v' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, RdPpBrAFXEUN9YAoCg.cs | High entropy of concatenated method names: 'eNCqtJLyBY', 'Ti0q7MekUK', 'gA6A0erkFQ', 'yM5A26lRWL', 'VK2qyjWQkU', 'hYHqmTYPJ9', 'xRZqcggKd6', 'dOlqPmc1P0', 'RvGqKk0O23', 'REEq6HCeAI' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, hyTKiNKj3ae59MDZfH.cs | High entropy of concatenated method names: 'xrwEvjQYgn', 'MAmEmMioUC', 'y0lEPGwinq', 'ucrEKgfKbx', 'EvtEUJpQgt', 'KgPErfKxGL', 'rnrELbIhK9', 'j3IEo1Nc3H', 'VKkETMqRYo', 'yCGEwXWXtl' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, yYK215XjdBVrWuGusZY.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'UyX4PpK3TE', 'dP74KTqNUH', 'rOG46awgqM', 'gWN4QnGAaD', 'kKE4GFAb9M', 'qbh4uQSrrb', 'XHG4dyvAO3' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, KIvr3FX4dEoLptBarip.cs | High entropy of concatenated method names: 'IUIk5EuD2A', 'MyxksKZRSp', 'Lkuk93E91S', 'CRokaKwphI', 'sALkIjNBls', 'Qf7kR8ngfy', 'dZJkhNhYUH', 'nU7kFvgdR2', 'UB1kWcluNM', 'bZkkpKwkX3' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, RP7TtIwmcGsGhL1BvJ.cs | High entropy of concatenated method names: 'i3Ok29lU0t', 'glRkf7crxc', 'ylTkxEsSgM', 'P8ok1T4lZR', 'eGEkX0l7Mp', 'BpfkYJPdg3', 'odfkVJB0vb', 'QIGAdGwcVp', 'g74At6VYFj', 'cWKAOViK6m' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, LRSqrxE5W48gykjrUY.cs | High entropy of concatenated method names: 'vEGXPUMWdF', 'bGQXKhri76', 'HfYX6swUdp', 'fREXQyhUxR', 'rKGXGlPUh3', 'gsiXujXfEX', 'YhdXdawRVS', 'aepXt8q6kK', 'X3cXOcZrox', 'LoiX7YXGVW' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, Sw19x1GPMxD59qfkVf.cs | High entropy of concatenated method names: 'KuOflDZU2N', 'U1vf1r8BNp', 'nlofX1HP43', 'OHjfMAAEED', 'FcLfYMAM3A', 'Q9nfVwrEUp', 'Yhvfb6qkww', 'RK5f3L40O8', 'tcIfCOMpXA', 'r2xfj8WAOv' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, VJ3vXev2gshy2q0NS9.cs | High entropy of concatenated method names: 'OZNb5ZN1b1', 'b4wbs1ymk5', 'xPgb9p5BWe', 'NFfbabRf5N', 'n7gbIpRNZk', 'KyYbRJevHo', 'cxlbhlAjSU', 'x7dbF9SThK', 'JrZbWNOOc0', 'iXObpiLXkB' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, O038cRyLdSA4Ia8Da0.cs | High entropy of concatenated method names: 'jS5A1ihB6x', 'v94AX2axxe', 'L4dAMlmrZI', 'dvPAYmpkFe', 'WxtAVnSGcB', 'jyYAbG4Kgj', 'JiKA3BHvJd', 'o4fAChMe2q', 'BHGAjvGm1J', 'Mh9ASLq5NH' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, x983xKPcmqL0aHLHpb.cs | High entropy of concatenated method names: 'gDZb1wGN9R', 'GL8bMcGyjx', 'E4VbVv1mNt', 'SBXV7kmf2s', 'Q4cVz7lT3V', 'EHlb0NUhZk', 'ibKb2s1Mje', 'GrDbHaUDf4', 'D5Tbfwo1Rt', 'qx0bxSfYHV' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, V2QAVALuSskWCnvIDX.cs | High entropy of concatenated method names: 'oEm9G3kRl', 'n1oaUibpy', 'Y8aRrWSek', 'KaZh56tkX', 'T9rWZkQBw', 'uKNpL3XAQ', 'r4lpYaqps4JIRS4u81', 'UcpqFvQiC9aeHs3fJf', 'DKOAc6joZ', 'KOP4MgUIy' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, VOxiHq1T48cllfNOQp.cs | High entropy of concatenated method names: 'KqyAJY3jS8', 'kh8AU0l8qE', 'n3dArMcD78', 'EsTALVW4t9', 'm9VAPAysMs', 'qBCAodf2Sf', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, JuyX6x38kVcWiP99jX.cs | High entropy of concatenated method names: 'Dispose', 'FnV2O8hKdq', 'IowHUNvfc8', 'pwfZZal7OD', 'LV627getyZ', 'QAl2zMJS3R', 'ProcessDialogKey', 'FajH0YtpXA', 'q0uH2DAHyW', 'PWaHHvF8jn' |
Source: 0.2.file.exe.5d60000.11.raw.unpack, FXxWsbB5COoTFyvQNn.cs | High entropy of concatenated method names: 'eSqVl2L2Uw', 'YBlVXsrYnD', 'NQRVY45tq2', 'aOXVbPRsn7', 'bdvV3J00kp', 'tdBYGO0aeP', 'cHTYuvCxaj', 'RuGYdtTlIG', 'PXLYtXQXXe', 'f8FYOFALJD' |
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899942 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899827 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899688 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899578 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899452 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899329 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899120 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899014 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898806 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898703 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898593 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898484 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898374 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898265 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898156 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898047 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897936 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897828 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897718 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897609 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897500 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897390 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897281 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897171 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897062 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896952 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896843 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896734 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896336 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 894922 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 893031 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892422 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892312 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892195 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892093 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 891984 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 891872 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899954 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899828 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899718 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899580 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899453 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899343 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899234 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899124 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899015 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898905 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898796 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898687 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898565 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898452 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898328 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898212 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898093 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897983 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897872 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897750 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897640 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897530 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897421 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897312 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897202 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897093 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896984 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896874 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896765 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896648 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896531 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896421 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896312 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896199 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896078 | |
Source: C:\Users\user\Desktop\file.exe TID: 7516 | Thread sleep time: -40000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 7532 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756 | Thread sleep count: 5516 > 30 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7908 | Thread sleep time: -3689348814741908s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7740 | Thread sleep count: 498 > 30 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7808 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7960 | Thread sleep time: -4611686018427385s >= -30000s | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7836 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -35048813740048126s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -100000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99864s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99720s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99594s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99484s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99373s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99250s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99141s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -99030s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98907s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98797s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98672s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98563s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98438s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98328s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -98216s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899942s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899827s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899688s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899578s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899452s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899329s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899120s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -899014s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898806s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898703s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898593s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898484s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898374s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898265s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898156s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -898047s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897936s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897828s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897718s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897609s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897500s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897390s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897281s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897171s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -897062s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -896952s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -896843s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -896734s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -896336s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -894922s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -893031s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -892422s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -892312s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -892195s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -892093s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -891984s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe TID: 8056 | Thread sleep time: -891872s >= -30000s | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 8016 | Thread sleep time: -40000s >= -30000s | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 8132 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -30437127721620741s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -100000s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99874s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99765s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99656s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99547s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99437s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99328s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99218s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -99109s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -98999s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -98890s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -95175s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -94577s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -94413s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -94297s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -94185s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899954s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899828s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899718s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899580s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899453s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899343s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899234s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899124s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -899015s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898905s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898796s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898687s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898565s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898452s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898328s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898212s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -898093s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897983s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897872s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897750s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897640s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897530s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897421s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897312s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897202s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -897093s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896984s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896874s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896765s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896648s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896531s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896421s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896312s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896199s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe TID: 7640 | Thread sleep time: -896078s >= -30000s | |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 40000 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99864 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99720 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99594 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99484 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99373 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99250 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99141 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 99030 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98907 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98797 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98672 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98563 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98438 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98328 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 98216 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899942 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899827 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899688 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899578 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899452 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899329 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899120 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 899014 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898806 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898703 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898593 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898484 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898374 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898265 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898156 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 898047 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897936 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897828 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897718 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897609 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897500 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897390 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897281 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897171 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 897062 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896952 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896843 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896734 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 896336 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 894922 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 893031 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892422 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892312 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892195 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 892093 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 891984 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 891872 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 40000 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 922337203685477 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 100000 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99874 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99765 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99656 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99547 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99437 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99328 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99218 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 99109 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 98999 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 98890 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 95175 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 94577 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 94413 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 94297 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 94185 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899954 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899828 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899718 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899580 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899453 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899343 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899234 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899124 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 899015 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898905 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898796 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898687 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898565 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898452 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898328 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898212 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 898093 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897983 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897872 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897750 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897640 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897530 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897421 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897312 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897202 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 897093 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896984 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896874 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896765 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896648 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896531 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896421 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896312 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896199 | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Thread delayed: delay time: 896078 | |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\zgfPOWyxZm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | |