Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, yHGBBy.exe.0.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, yHGBBy.exe.0.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/8 |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/A |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp, BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4128912990.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp, yHGBBy.exe | String found in binary or memory: http://geoplugin.net/json.gp |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1690981553.0000000003ED0000.00000004.00000800.00020000.00000000.sdmp, BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1690981553.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, yHGBBy.exe, 0000000A.00000002.1723512697.00000000044A1000.00000004.00000800.00020000.00000000.sdmp, yHGBBy.exe, 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp/C |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpJ |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4128912990.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpPc |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4128912990.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpSystem32 |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpo |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000008.00000002.4129157086.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/p |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, yHGBBy.exe.0.dr | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1688758899.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, yHGBBy.exe, 0000000A.00000002.1721818897.00000000033E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, 00000000.00000002.1700180787.0000000007A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: BBVA Colombia__ Aviso de Pago.pdf.bat.exe, yHGBBy.exe.0.dr | String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0 |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 10.2.yHGBBy.exe.4516ab8.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.yHGBBy.exe.4516ab8.4.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 10.2.yHGBBy.exe.44a1498.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.yHGBBy.exe.44a1498.3.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen |
Source: 00000000.00000002.1690981553.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000000.00000002.1690981553.0000000003ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000A.00000002.1723512697.00000000044A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: BBVA Colombia__ Aviso de Pago.pdf.bat.exe PID: 6176, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: yHGBBy.exe PID: 7596, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: yHGBBy.exe PID: 7724, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.2.yHGBBy.exe.44a1498.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 13.2.yHGBBy.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.2.yHGBBy.exe.4516ab8.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 13.2.yHGBBy.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3f45ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 10.2.yHGBBy.exe.4516ab8.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 10.2.yHGBBy.exe.4516ab8.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 10.2.yHGBBy.exe.44a1498.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 10.2.yHGBBy.exe.44a1498.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.3ed08a8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000D.00000002.1717423072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe |
Source: 00000000.00000002.1690981553.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 00000000.00000002.1690981553.0000000003ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0000000A.00000002.1723512697.00000000044A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: Process Memory Space: BBVA Colombia__ Aviso de Pago.pdf.bat.exe PID: 6176, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: Process Memory Space: yHGBBy.exe PID: 7596, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: Process Memory Space: yHGBBy.exe PID: 7724, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Section loaded: kernel.appcore.dll | |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, KWYsLmciOiF0nUBkyUR.cs | High entropy of concatenated method names: 'vat9sE5lbO', 'tFd9VEmWQc', 'fJ7909kLh3', 'OWh9hlaWWL', 'YsP9bhGr1n', 'Cpx93y9y7L', 'jjR9wk1tJo', 'rXR9yRE0VU', 'P8n9p2nXlN', 'cs69dOOL8F' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, fxmtcGyjv789MJqobf.cs | High entropy of concatenated method names: 'QFejC6pkOM', 'X7qjts9pj2', 'AlWjLRIinN', 'YgsjSYH8Kc', 'i4ljfHFVYx', 'EoZjMVvlTF', 'eOGjnef0Y1', 'KeVjl9N5Oe', 'FC9j49Asvo', 'i1AjQOWOuP' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, mUmtLMpyk6qnJPuksC.cs | High entropy of concatenated method names: 'WVvqhkLlNE', 'pu0q3t7pSK', 'C4IqywTtOW', 'C4fqpTAbXX', 't3uqg2wWfO', 'eEeqoeMWQ7', 'IMmqPUOhhH', 'BZIqRu2MPh', 'e9kq9Fh9Iu', 'yAZq8bZi6p' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, S9vBpiUkoCGSyZyyki.cs | High entropy of concatenated method names: 'As7NvZgtGu', 'gK4NqG8FOg', 'lvsNrennSk', 'xiprQ9aXPU', 'FU2rzoXAH8', 'YFONiPaXHj', 'C1cNcSyypt', 'pcoNxyITSD', 't1yN2dybv2', 'zNPN1iGD0V' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, qXjtm2jXHusTine1Sc.cs | High entropy of concatenated method names: 'Dispose', 'JYTc4LNagM', 'lIqxaWaeHO', 'SngDDSFghT', 'paTcQ1LbhI', 'NgdczbUoXV', 'ProcessDialogKey', 'hyCxiXeUcM', 'VToxcAbXMa', 'SUvxxNj82U' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, RZuhOPW2CMscIR77Gw.cs | High entropy of concatenated method names: 'AikuyEcokM', 'jS7updycJ6', 'FfYuK4mt4Y', 'xp2uaWhxSr', 'jXsuDmq16v', 'zCUuJwZbci', 'w14uUtaZbf', 'gjPuEeb4Gv', 'Qb9uY9Yw8R', 'usnuZMQtcU' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, kj82UpQUQYmBd8jfEA.cs | High entropy of concatenated method names: 'P0t9cstLms', 'mBb929vdrW', 'qgD91c1br8', 'NDZ9v3sQqb', 'P7a9jqqqae', 'oUS9XnStQR', 'tuv9rduhRH', 'TDTRn6anm2', 'V0BRlM5x9B', 'USMR4ek1Eg' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, A8o7lrS9hNOHYaAtZT.cs | High entropy of concatenated method names: 'WexPI6WQvK', 'CtCP7XKAWx', 'ToString', 'K4bPvndorx', 'HB9Pjvdkj1', 'gKNPqSDSiI', 'HLyPXkBoWj', 'usyPrPs9rg', 'sacPNt2Mv4', 'R7BPmW4nFM' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, QQ8grmcc46K7txFsjDn.cs | High entropy of concatenated method names: 'ToString', 'PrF82NUDDE', 'AQq81FU93i', 'aEb8GZ8xEW', 'jC58vV6ow2', 'RxF8jOF6Cw', 'uBq8qw3fBH', 'm908XBMy5H', 'PgHpZ0nK9NjhNJcjpsx', 'B1XCDZnlviNGaNrEyyD' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, HT1LbhlIYgdbUoXVXy.cs | High entropy of concatenated method names: 'BlQRvp5WlE', 'yq2Rjrj59I', 'rbtRqMqsGt', 'dyuRXGEBIs', 'rojRrrd6JV', 'q4KRN2OBuv', 'TN6RmQvNdD', 'QyERFNqHLl', 'y9tRISTXJ4', 'kyNR7yXPKQ' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, w2AlQjH0vhHhVsRBhM.cs | High entropy of concatenated method names: 'c7jNsJvclO', 'XWpNVtFt7t', 'Dw5N0N2bqW', 'W9PNha3kxE', 'J3YNbDtl3R', 'Y1vN3hiUuP', 'VaZNwlJevc', 'm0TNylGwuF', 'oNfNpJDQt2', 'qUiNdy27dC' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, K9x2L2M1dAPF13QoY2.cs | High entropy of concatenated method names: 'rmBPl7nE7i', 'CpjPQqHdXP', 'tk0Rie2He8', 'DWiRcsQygn', 'KPpPZIT3cW', 'saSPObmQUS', 'GN1PWGsW93', 'Y8GPCLqyso', 'eUEPtQ0lcT', 'HIWPLajBpq' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, bHDlS4KZowVY3qIwAX.cs | High entropy of concatenated method names: 'vgDrGuNutx', 'yNXrj6vGDU', 'iN9rXipfLJ', 'aR9rNymdVT', 'L6krm3u5YM', 'apnXf53lvB', 'z03XMbA2vh', 'm75Xn6t4Ur', 'PYQXlcqYeQ', 'DmDX4urtTq' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, SADRiGxGQmiIux2Mwc.cs | High entropy of concatenated method names: 'kwP0hCEDu', 'K5ohWul7P', 'yZI3vGPyn', 'ARZw10PqO', 'hZ7pl2G7Q', 'IsKdyD2Cj', 'Vg3SZ442kjU4qrykVD', 'biaBko10CdvLS5KhkQ', 'TMGYF9G1op1ScdpEQq', 'ytCR0M5TH' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, lZmh49qyZZtGAYWUXX.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'pC2x4BS8Zr', 'ASMxQB8qWf', 'nXkxzSg2wx', 'cW02ipuD4L', 'ln02cTHtrd', 'aQS2xtK21C', 'pSk22DNFNj', 'XUClrJ3p4O1RqrVBL15' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, T2hnNgmfODVZFK91C0.cs | High entropy of concatenated method names: 'hRj2Godv3A', 'dbS2vOIk0u', 'KjL2jhxkod', 'RJS2qRfHTV', 'zMK2XbGNNe', 'PEU2r8aiU4', 'Eit2Nj3tJt', 'III2mFv9fF', 'fCR2FXiPjy', 'VKo2IQFUgX' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, dOydIT1rW318VtTwQD.cs | High entropy of concatenated method names: 'hxvcNxmtcG', 'gv7cm89MJq', 'UykcI6qnJP', 'nksc7CwD9k', 'ftmcgRXcHD', 'WS4coZowVY', 'eJaLvZvMm8xiRqROYm', 'PKsPIjFsc5pUjoNVvV', 'OBcccJpRj0', 'IVfc2JW8ng' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, FY78JACknCOVd84RrN.cs | High entropy of concatenated method names: 'bGugYmbF9J', 'CEEgO7Y7LU', 'GOvgCVmadQ', 'TrHgtUMtq2', 'l0mgaIq1yX', 'eSXgBUg0c6', 'D52gDy0fxs', 'QmDgJA4q3R', 'm16gepM1Rh', 'Rf2gUbATlr' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, CD9kJyd3E2Av4vtmRX.cs | High entropy of concatenated method names: 'p7UXbeNOXF', 'bFpXwwFtup', 'vN1qBtcWjL', 'K6VqDQuqXr', 'fyqqJaCxjj', 'CAJqeAR3uI', 'N1XqUdEZ6I', 'QQhqEr0Ari', 'IM7qHS5Dti', 'VwuqYyGCpG' |
Source: 0.2.BBVA Colombia__ Aviso de Pago.pdf.bat.exe.8620000.5.raw.unpack, QNyCPtLHUuX6b5HMV0.cs | High entropy of concatenated method names: 'ToString', 'Ld1oZ19JmJ', 'zVDoaWdM8r', 'AKQoB5B0Kn', 'eS3oDBS6aT', 'iVLoJbmXsr', 'JqDoeEgNBV', 'R98oUYcEyK', 'F1KoE15saR', 'E3eoHvTCXF' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, KWYsLmciOiF0nUBkyUR.cs | High entropy of concatenated method names: 'vat9sE5lbO', 'tFd9VEmWQc', 'fJ7909kLh3', 'OWh9hlaWWL', 'YsP9bhGr1n', 'Cpx93y9y7L', 'jjR9wk1tJo', 'rXR9yRE0VU', 'P8n9p2nXlN', 'cs69dOOL8F' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, fxmtcGyjv789MJqobf.cs | High entropy of concatenated method names: 'QFejC6pkOM', 'X7qjts9pj2', 'AlWjLRIinN', 'YgsjSYH8Kc', 'i4ljfHFVYx', 'EoZjMVvlTF', 'eOGjnef0Y1', 'KeVjl9N5Oe', 'FC9j49Asvo', 'i1AjQOWOuP' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, mUmtLMpyk6qnJPuksC.cs | High entropy of concatenated method names: 'WVvqhkLlNE', 'pu0q3t7pSK', 'C4IqywTtOW', 'C4fqpTAbXX', 't3uqg2wWfO', 'eEeqoeMWQ7', 'IMmqPUOhhH', 'BZIqRu2MPh', 'e9kq9Fh9Iu', 'yAZq8bZi6p' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, S9vBpiUkoCGSyZyyki.cs | High entropy of concatenated method names: 'As7NvZgtGu', 'gK4NqG8FOg', 'lvsNrennSk', 'xiprQ9aXPU', 'FU2rzoXAH8', 'YFONiPaXHj', 'C1cNcSyypt', 'pcoNxyITSD', 't1yN2dybv2', 'zNPN1iGD0V' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, qXjtm2jXHusTine1Sc.cs | High entropy of concatenated method names: 'Dispose', 'JYTc4LNagM', 'lIqxaWaeHO', 'SngDDSFghT', 'paTcQ1LbhI', 'NgdczbUoXV', 'ProcessDialogKey', 'hyCxiXeUcM', 'VToxcAbXMa', 'SUvxxNj82U' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, RZuhOPW2CMscIR77Gw.cs | High entropy of concatenated method names: 'AikuyEcokM', 'jS7updycJ6', 'FfYuK4mt4Y', 'xp2uaWhxSr', 'jXsuDmq16v', 'zCUuJwZbci', 'w14uUtaZbf', 'gjPuEeb4Gv', 'Qb9uY9Yw8R', 'usnuZMQtcU' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, kj82UpQUQYmBd8jfEA.cs | High entropy of concatenated method names: 'P0t9cstLms', 'mBb929vdrW', 'qgD91c1br8', 'NDZ9v3sQqb', 'P7a9jqqqae', 'oUS9XnStQR', 'tuv9rduhRH', 'TDTRn6anm2', 'V0BRlM5x9B', 'USMR4ek1Eg' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, A8o7lrS9hNOHYaAtZT.cs | High entropy of concatenated method names: 'WexPI6WQvK', 'CtCP7XKAWx', 'ToString', 'K4bPvndorx', 'HB9Pjvdkj1', 'gKNPqSDSiI', 'HLyPXkBoWj', 'usyPrPs9rg', 'sacPNt2Mv4', 'R7BPmW4nFM' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, QQ8grmcc46K7txFsjDn.cs | High entropy of concatenated method names: 'ToString', 'PrF82NUDDE', 'AQq81FU93i', 'aEb8GZ8xEW', 'jC58vV6ow2', 'RxF8jOF6Cw', 'uBq8qw3fBH', 'm908XBMy5H', 'PgHpZ0nK9NjhNJcjpsx', 'B1XCDZnlviNGaNrEyyD' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, HT1LbhlIYgdbUoXVXy.cs | High entropy of concatenated method names: 'BlQRvp5WlE', 'yq2Rjrj59I', 'rbtRqMqsGt', 'dyuRXGEBIs', 'rojRrrd6JV', 'q4KRN2OBuv', 'TN6RmQvNdD', 'QyERFNqHLl', 'y9tRISTXJ4', 'kyNR7yXPKQ' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, w2AlQjH0vhHhVsRBhM.cs | High entropy of concatenated method names: 'c7jNsJvclO', 'XWpNVtFt7t', 'Dw5N0N2bqW', 'W9PNha3kxE', 'J3YNbDtl3R', 'Y1vN3hiUuP', 'VaZNwlJevc', 'm0TNylGwuF', 'oNfNpJDQt2', 'qUiNdy27dC' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, K9x2L2M1dAPF13QoY2.cs | High entropy of concatenated method names: 'rmBPl7nE7i', 'CpjPQqHdXP', 'tk0Rie2He8', 'DWiRcsQygn', 'KPpPZIT3cW', 'saSPObmQUS', 'GN1PWGsW93', 'Y8GPCLqyso', 'eUEPtQ0lcT', 'HIWPLajBpq' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, bHDlS4KZowVY3qIwAX.cs | High entropy of concatenated method names: 'vgDrGuNutx', 'yNXrj6vGDU', 'iN9rXipfLJ', 'aR9rNymdVT', 'L6krm3u5YM', 'apnXf53lvB', 'z03XMbA2vh', 'm75Xn6t4Ur', 'PYQXlcqYeQ', 'DmDX4urtTq' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, SADRiGxGQmiIux2Mwc.cs | High entropy of concatenated method names: 'kwP0hCEDu', 'K5ohWul7P', 'yZI3vGPyn', 'ARZw10PqO', 'hZ7pl2G7Q', 'IsKdyD2Cj', 'Vg3SZ442kjU4qrykVD', 'biaBko10CdvLS5KhkQ', 'TMGYF9G1op1ScdpEQq', 'ytCR0M5TH' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, lZmh49qyZZtGAYWUXX.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'pC2x4BS8Zr', 'ASMxQB8qWf', 'nXkxzSg2wx', 'cW02ipuD4L', 'ln02cTHtrd', 'aQS2xtK21C', 'pSk22DNFNj', 'XUClrJ3p4O1RqrVBL15' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, T2hnNgmfODVZFK91C0.cs | High entropy of concatenated method names: 'hRj2Godv3A', 'dbS2vOIk0u', 'KjL2jhxkod', 'RJS2qRfHTV', 'zMK2XbGNNe', 'PEU2r8aiU4', 'Eit2Nj3tJt', 'III2mFv9fF', 'fCR2FXiPjy', 'VKo2IQFUgX' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, dOydIT1rW318VtTwQD.cs | High entropy of concatenated method names: 'hxvcNxmtcG', 'gv7cm89MJq', 'UykcI6qnJP', 'nksc7CwD9k', 'ftmcgRXcHD', 'WS4coZowVY', 'eJaLvZvMm8xiRqROYm', 'PKsPIjFsc5pUjoNVvV', 'OBcccJpRj0', 'IVfc2JW8ng' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, FY78JACknCOVd84RrN.cs | High entropy of concatenated method names: 'bGugYmbF9J', 'CEEgO7Y7LU', 'GOvgCVmadQ', 'TrHgtUMtq2', 'l0mgaIq1yX', 'eSXgBUg0c6', 'D52gDy0fxs', 'QmDgJA4q3R', 'm16gepM1Rh', 'Rf2gUbATlr' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, CD9kJyd3E2Av4vtmRX.cs | High entropy of concatenated method names: 'p7UXbeNOXF', 'bFpXwwFtup', 'vN1qBtcWjL', 'K6VqDQuqXr', 'fyqqJaCxjj', 'CAJqeAR3uI', 'N1XqUdEZ6I', 'QQhqEr0Ari', 'IM7qHS5Dti', 'VwuqYyGCpG' |
Source: 10.2.yHGBBy.exe.48fea38.2.raw.unpack, QNyCPtLHUuX6b5HMV0.cs | High entropy of concatenated method names: 'ToString', 'Ld1oZ19JmJ', 'zVDoaWdM8r', 'AKQoB5B0Kn', 'eS3oDBS6aT', 'iVLoJbmXsr', 'JqDoeEgNBV', 'R98oUYcEyK', 'F1KoE15saR', 'E3eoHvTCXF' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, KWYsLmciOiF0nUBkyUR.cs | High entropy of concatenated method names: 'vat9sE5lbO', 'tFd9VEmWQc', 'fJ7909kLh3', 'OWh9hlaWWL', 'YsP9bhGr1n', 'Cpx93y9y7L', 'jjR9wk1tJo', 'rXR9yRE0VU', 'P8n9p2nXlN', 'cs69dOOL8F' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, fxmtcGyjv789MJqobf.cs | High entropy of concatenated method names: 'QFejC6pkOM', 'X7qjts9pj2', 'AlWjLRIinN', 'YgsjSYH8Kc', 'i4ljfHFVYx', 'EoZjMVvlTF', 'eOGjnef0Y1', 'KeVjl9N5Oe', 'FC9j49Asvo', 'i1AjQOWOuP' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, mUmtLMpyk6qnJPuksC.cs | High entropy of concatenated method names: 'WVvqhkLlNE', 'pu0q3t7pSK', 'C4IqywTtOW', 'C4fqpTAbXX', 't3uqg2wWfO', 'eEeqoeMWQ7', 'IMmqPUOhhH', 'BZIqRu2MPh', 'e9kq9Fh9Iu', 'yAZq8bZi6p' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, S9vBpiUkoCGSyZyyki.cs | High entropy of concatenated method names: 'As7NvZgtGu', 'gK4NqG8FOg', 'lvsNrennSk', 'xiprQ9aXPU', 'FU2rzoXAH8', 'YFONiPaXHj', 'C1cNcSyypt', 'pcoNxyITSD', 't1yN2dybv2', 'zNPN1iGD0V' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, qXjtm2jXHusTine1Sc.cs | High entropy of concatenated method names: 'Dispose', 'JYTc4LNagM', 'lIqxaWaeHO', 'SngDDSFghT', 'paTcQ1LbhI', 'NgdczbUoXV', 'ProcessDialogKey', 'hyCxiXeUcM', 'VToxcAbXMa', 'SUvxxNj82U' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, RZuhOPW2CMscIR77Gw.cs | High entropy of concatenated method names: 'AikuyEcokM', 'jS7updycJ6', 'FfYuK4mt4Y', 'xp2uaWhxSr', 'jXsuDmq16v', 'zCUuJwZbci', 'w14uUtaZbf', 'gjPuEeb4Gv', 'Qb9uY9Yw8R', 'usnuZMQtcU' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, kj82UpQUQYmBd8jfEA.cs | High entropy of concatenated method names: 'P0t9cstLms', 'mBb929vdrW', 'qgD91c1br8', 'NDZ9v3sQqb', 'P7a9jqqqae', 'oUS9XnStQR', 'tuv9rduhRH', 'TDTRn6anm2', 'V0BRlM5x9B', 'USMR4ek1Eg' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, A8o7lrS9hNOHYaAtZT.cs | High entropy of concatenated method names: 'WexPI6WQvK', 'CtCP7XKAWx', 'ToString', 'K4bPvndorx', 'HB9Pjvdkj1', 'gKNPqSDSiI', 'HLyPXkBoWj', 'usyPrPs9rg', 'sacPNt2Mv4', 'R7BPmW4nFM' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, QQ8grmcc46K7txFsjDn.cs | High entropy of concatenated method names: 'ToString', 'PrF82NUDDE', 'AQq81FU93i', 'aEb8GZ8xEW', 'jC58vV6ow2', 'RxF8jOF6Cw', 'uBq8qw3fBH', 'm908XBMy5H', 'PgHpZ0nK9NjhNJcjpsx', 'B1XCDZnlviNGaNrEyyD' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, HT1LbhlIYgdbUoXVXy.cs | High entropy of concatenated method names: 'BlQRvp5WlE', 'yq2Rjrj59I', 'rbtRqMqsGt', 'dyuRXGEBIs', 'rojRrrd6JV', 'q4KRN2OBuv', 'TN6RmQvNdD', 'QyERFNqHLl', 'y9tRISTXJ4', 'kyNR7yXPKQ' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, w2AlQjH0vhHhVsRBhM.cs | High entropy of concatenated method names: 'c7jNsJvclO', 'XWpNVtFt7t', 'Dw5N0N2bqW', 'W9PNha3kxE', 'J3YNbDtl3R', 'Y1vN3hiUuP', 'VaZNwlJevc', 'm0TNylGwuF', 'oNfNpJDQt2', 'qUiNdy27dC' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, K9x2L2M1dAPF13QoY2.cs | High entropy of concatenated method names: 'rmBPl7nE7i', 'CpjPQqHdXP', 'tk0Rie2He8', 'DWiRcsQygn', 'KPpPZIT3cW', 'saSPObmQUS', 'GN1PWGsW93', 'Y8GPCLqyso', 'eUEPtQ0lcT', 'HIWPLajBpq' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, bHDlS4KZowVY3qIwAX.cs | High entropy of concatenated method names: 'vgDrGuNutx', 'yNXrj6vGDU', 'iN9rXipfLJ', 'aR9rNymdVT', 'L6krm3u5YM', 'apnXf53lvB', 'z03XMbA2vh', 'm75Xn6t4Ur', 'PYQXlcqYeQ', 'DmDX4urtTq' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, SADRiGxGQmiIux2Mwc.cs | High entropy of concatenated method names: 'kwP0hCEDu', 'K5ohWul7P', 'yZI3vGPyn', 'ARZw10PqO', 'hZ7pl2G7Q', 'IsKdyD2Cj', 'Vg3SZ442kjU4qrykVD', 'biaBko10CdvLS5KhkQ', 'TMGYF9G1op1ScdpEQq', 'ytCR0M5TH' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, lZmh49qyZZtGAYWUXX.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'pC2x4BS8Zr', 'ASMxQB8qWf', 'nXkxzSg2wx', 'cW02ipuD4L', 'ln02cTHtrd', 'aQS2xtK21C', 'pSk22DNFNj', 'XUClrJ3p4O1RqrVBL15' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, T2hnNgmfODVZFK91C0.cs | High entropy of concatenated method names: 'hRj2Godv3A', 'dbS2vOIk0u', 'KjL2jhxkod', 'RJS2qRfHTV', 'zMK2XbGNNe', 'PEU2r8aiU4', 'Eit2Nj3tJt', 'III2mFv9fF', 'fCR2FXiPjy', 'VKo2IQFUgX' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, dOydIT1rW318VtTwQD.cs | High entropy of concatenated method names: 'hxvcNxmtcG', 'gv7cm89MJq', 'UykcI6qnJP', 'nksc7CwD9k', 'ftmcgRXcHD', 'WS4coZowVY', 'eJaLvZvMm8xiRqROYm', 'PKsPIjFsc5pUjoNVvV', 'OBcccJpRj0', 'IVfc2JW8ng' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, FY78JACknCOVd84RrN.cs | High entropy of concatenated method names: 'bGugYmbF9J', 'CEEgO7Y7LU', 'GOvgCVmadQ', 'TrHgtUMtq2', 'l0mgaIq1yX', 'eSXgBUg0c6', 'D52gDy0fxs', 'QmDgJA4q3R', 'm16gepM1Rh', 'Rf2gUbATlr' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, CD9kJyd3E2Av4vtmRX.cs | High entropy of concatenated method names: 'p7UXbeNOXF', 'bFpXwwFtup', 'vN1qBtcWjL', 'K6VqDQuqXr', 'fyqqJaCxjj', 'CAJqeAR3uI', 'N1XqUdEZ6I', 'QQhqEr0Ari', 'IM7qHS5Dti', 'VwuqYyGCpG' |
Source: 10.2.yHGBBy.exe.4847818.1.raw.unpack, QNyCPtLHUuX6b5HMV0.cs | High entropy of concatenated method names: 'ToString', 'Ld1oZ19JmJ', 'zVDoaWdM8r', 'AKQoB5B0Kn', 'eS3oDBS6aT', 'iVLoJbmXsr', 'JqDoeEgNBV', 'R98oUYcEyK', 'F1KoE15saR', 'E3eoHvTCXF' |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\BBVA Colombia__ Aviso de Pago.pdf.bat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Users\user\AppData\Roaming\yHGBBy.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\yHGBBy.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |