| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: dwrite.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: edputil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: appresolver.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: slc.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: sppc.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: secur32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Jump to behavior |
| Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: dwrite.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: edputil.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: appresolver.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: slc.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: sppc.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
|
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
|
| Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: mscoree.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: kernel.appcore.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: version.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: vcruntime140_clr0400.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ucrtbase_clr0400.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: uxtheme.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: windows.storage.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: wldp.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: profapi.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: cryptsp.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: rsaenh.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: cryptbase.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: wbemcomn.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: amsi.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: userenv.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: sspicli.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: vaultcli.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: wintypes.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: iphlpapi.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: dnsapi.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: dhcpcsvc6.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: dhcpcsvc.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: winnsi.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: mswsock.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: rasadhlp.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: fwpuclnt.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: secur32.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: schannel.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: mskeyprotect.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ntasn1.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ncrypt.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: ncryptsslp.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: msasn1.dll |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Section loaded: dpapi.dll |
|
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, g4Qs8M5oWwROxbKec3.cs |
High entropy of concatenated method names: 'fGG6ov0mZ1', 'z9861YA9qS', 'O8W6tBllRO', 'RZf6Ev8JCW', 'c1q6JVyrhH', 'qFy6l03KBO', 'v4E60y3waN', 'XgV69ehsdG', 'FLQ6ZwkB9k', 'QcI6aJgQw9' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, zgxQIxz5lAukYUxvcV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LYurI4lJjl', 'DZQre7PP7g', 'AetrDsDgK8', 'b1KrN59af1', 'SJmrOnkyC9', 'PAZrrXZ5KF', 'AFYr24Uy4L' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, JTnk9wqS5upEMWkVDI.cs |
High entropy of concatenated method names: 'GODHWatdyD3ai5D1mqb', 'wX7NoKtHR7EPQpZs1Cu', 'rl9HOgrwQ3', 'obXHrWJFf7', 'fOTH2E62eW', 'DNVxNAt0Ia2l0xdeW2U', 'g4ZJ6stceAIeDFVhj9b' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, SIM1vrU83M80n3ghnSU.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HHt27t0dj1', 'P6e25Aj47u', 'f822nRZ0KS', 'kry2gEkAIN', 'dFk2mY6FjV', 'hlY2RQK7k7', 'nn82crIklZ' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, a9Jf6RK6DvE2Wnfcjo.cs |
High entropy of concatenated method names: 'SgFOKOZ7jN', 'hdPO3nLxXA', 'IuCOpkPas1', 'nCWOSFBJaE', 'PrwOHREnrc', 'GqfO6MTlq0', 'xlFOd5LqVr', 'FcyOP1ioIq', 'bSVO8SuU9p', 'wNrOMyTk2S' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, KGrF0bFArvIPSaM0rx.cs |
High entropy of concatenated method names: 'j7R6KrOXAv', 'vlK6pleJPp', 'bDd6H6KmlL', 'pa4Hu9CPFO', 'Q6GHzydtKx', 'nTc64MpboE', 'C5f6X89O3m', 'FLo6LyareV', 'sdO6jnCGYy', 'uub6kiZVeu' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, EGW1In2sxEk72sqfx8.cs |
High entropy of concatenated method names: 'w8ijq3hQbi', 'RZjjKT3yWN', 'InBj3trNVt', 'frpjpLw6f9', 'GonjSyJEsT', 'nMojHN4oJc', 'a3rj6s71t0', 'BEPjdDGFqu', 'zfPjPpH7wZ', 'Fw3j85RExc' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, JGt8leideG3tEw3FFw.cs |
High entropy of concatenated method names: 'p8BX69Chcm', 'UdpXdAgx8X', 'pTdX8nRXOG', 'Y1DXM4BNDw', 'IPBXeP2W5U', 'V47XDb8nZZ', 'M7WVG0WMmBLAQT0Nk1', 'GrTuMf1AHyW0wtkhgm', 'kiVgIFkicWxHjSBOOQ', 'wITXXrC79k' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, qq8b56hyCVeqo4mhxD.cs |
High entropy of concatenated method names: 'L2VOWS122e', 'e0JOACvmn6', 'JH3OQf8KJ5', 'l0pOsWDL3b', 'HFCO7ep4Xh', 'VePOiTR8oR', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, z5urZkslVeJkKSP9xS.cs |
High entropy of concatenated method names: 'l2EeT1qhRI', 'jYeebNyP8b', 'Cmle7GWpFr', 'OT6e54YlQW', 'lK0eAyVwwA', 'vv2eQSSfsl', 'nOfesef6a5', 'iCIeiMNFnj', 'lJdewQnU0s', 'q2HeCgVLQP' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, LpC6HlESRmbB0HCWjb.cs |
High entropy of concatenated method names: 'I1IrXvySP7', 'bPRrjLiKld', 'zIsrk9F5nP', 'GN0rKWEyxT', 'dO3r3vuvGE', 'kwvrSguksF', 'mHirH1VBOu', 'rwVOc3f1Eh', 'hFUOhxg0HP', 'quZOy4Json' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, FpLxU0USGQJ0hASUnF9.cs |
High entropy of concatenated method names: 'vyLrojyPsh', 'd6Wr1VCg7Y', 'twlrtyio0H', 'LMtrEGXROm', 'e4JrJ8F9g8', 'juxrlZSMbK', 'J8Hr0byZk5', 'iY4r946lWx', 'kTbrZnahfs', 'KErraLc6ld' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, EQSd2GR5QIKoQb3pwL.cs |
High entropy of concatenated method names: 'Dispose', 'FMbXyt4mVu', 'gB4LAHpEeU', 'XbiVVNu8KF', 'BaPXueQq8L', 'rdMXzu6F6m', 'ProcessDialogKey', 'hDoL4o7n0C', 'tI5LXTJfFI', 'mHSLLMvn5X' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, YytYwTXRVn7U81VOno.cs |
High entropy of concatenated method names: 'i0p37pHOV4', 'cqL35EtsJm', 'sDZ3noBtXj', 'Fpe3g5miCu', 'CEN3m3L8eX', 'sXF3RfPcUB', 'EZr3cbFn9p', 'mFo3hnHetx', 'QNh3y2YjO1', 'HYU3u0bxtc' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, VkYf5BPjdXsGlTY65o.cs |
High entropy of concatenated method names: 'SxIpEN6DTu', 'nckplmVpkn', 'SZIp9KW9iu', 'JffpZ40gCj', 'qohpeXV1ti', 'yvMpDKy4ev', 'LTppNWvUGU', 'ypOpOYiyNg', 'NI7pr08V0a', 'IFhp2ElSPx' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, MCfrSMWdlxWVY1IL1f.cs |
High entropy of concatenated method names: 'ID3I9I8why', 'sPsIZDLsUK', 'RjbIW0rOAZ', 'LHBIA7rIpf', 'q5pIsyM4ff', 'sC1IipnrZd', 'jwPICf1Uxx', 'QPwIGGvWyw', 'XaxITJdgdg', 'CRWIf1WYjN' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, boHndMrnP1k12e3lIF.cs |
High entropy of concatenated method names: 'a69Nh8xuT6', 'eHYNubMpPh', 'C37O4cOH0m', 'P1FOXmZ7Re', 'byHNfIywoB', 'oYUNbRyQaL', 'wUrNYDV574', 'q5XN7EYIHj', 'ICSN5RR8PQ', 'X5HNndBiEf' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, CFC8oSAR2QsHjWaGqv.cs |
High entropy of concatenated method names: 'gXXtV7N8f', 'VM9EyVCGl', 'gEDlu2red', 'MDQ0i5x24', 'FeqZNnCFY', 'pJGahV8rN', 'vLFOcvFxvkQxqmT7ZW', 'Mla4EfKO5pGeg00Eew', 'Br2OaRLQA', 'hay2g3TJH' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, J4ugg54wIbg5846ALq.cs |
High entropy of concatenated method names: 'la7Hq9VSxc', 'aOHH3yGFAY', 'ItIHS3DB6v', 'YJQH6lopwl', 'ErwHdj0tBY', 't9oSmkXEcX', 'MtPSRBLA0Y', 'kBpScqIPBb', 'XSUShWqoe0', 'WnNSyEt9bp' |
| Source: 0.2.PROFORMA FATURA.exe.491f340.2.raw.unpack, hIIN84dB4yLGgx3Xmo.cs |
High entropy of concatenated method names: 'KNFN8NcRIV', 'OvDNMdJccD', 'ToString', 'HSwNKchN9D', 'PYYN33RFbY', 'iYFNprc0lR', 'X0GNSISsMI', 'VpcNHWkyAr', 'yD1N6uIZ7j', 'SPfNdnynLO' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, g4Qs8M5oWwROxbKec3.cs |
High entropy of concatenated method names: 'fGG6ov0mZ1', 'z9861YA9qS', 'O8W6tBllRO', 'RZf6Ev8JCW', 'c1q6JVyrhH', 'qFy6l03KBO', 'v4E60y3waN', 'XgV69ehsdG', 'FLQ6ZwkB9k', 'QcI6aJgQw9' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, zgxQIxz5lAukYUxvcV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LYurI4lJjl', 'DZQre7PP7g', 'AetrDsDgK8', 'b1KrN59af1', 'SJmrOnkyC9', 'PAZrrXZ5KF', 'AFYr24Uy4L' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, JTnk9wqS5upEMWkVDI.cs |
High entropy of concatenated method names: 'GODHWatdyD3ai5D1mqb', 'wX7NoKtHR7EPQpZs1Cu', 'rl9HOgrwQ3', 'obXHrWJFf7', 'fOTH2E62eW', 'DNVxNAt0Ia2l0xdeW2U', 'g4ZJ6stceAIeDFVhj9b' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, SIM1vrU83M80n3ghnSU.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HHt27t0dj1', 'P6e25Aj47u', 'f822nRZ0KS', 'kry2gEkAIN', 'dFk2mY6FjV', 'hlY2RQK7k7', 'nn82crIklZ' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, a9Jf6RK6DvE2Wnfcjo.cs |
High entropy of concatenated method names: 'SgFOKOZ7jN', 'hdPO3nLxXA', 'IuCOpkPas1', 'nCWOSFBJaE', 'PrwOHREnrc', 'GqfO6MTlq0', 'xlFOd5LqVr', 'FcyOP1ioIq', 'bSVO8SuU9p', 'wNrOMyTk2S' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, KGrF0bFArvIPSaM0rx.cs |
High entropy of concatenated method names: 'j7R6KrOXAv', 'vlK6pleJPp', 'bDd6H6KmlL', 'pa4Hu9CPFO', 'Q6GHzydtKx', 'nTc64MpboE', 'C5f6X89O3m', 'FLo6LyareV', 'sdO6jnCGYy', 'uub6kiZVeu' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, EGW1In2sxEk72sqfx8.cs |
High entropy of concatenated method names: 'w8ijq3hQbi', 'RZjjKT3yWN', 'InBj3trNVt', 'frpjpLw6f9', 'GonjSyJEsT', 'nMojHN4oJc', 'a3rj6s71t0', 'BEPjdDGFqu', 'zfPjPpH7wZ', 'Fw3j85RExc' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, JGt8leideG3tEw3FFw.cs |
High entropy of concatenated method names: 'p8BX69Chcm', 'UdpXdAgx8X', 'pTdX8nRXOG', 'Y1DXM4BNDw', 'IPBXeP2W5U', 'V47XDb8nZZ', 'M7WVG0WMmBLAQT0Nk1', 'GrTuMf1AHyW0wtkhgm', 'kiVgIFkicWxHjSBOOQ', 'wITXXrC79k' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, qq8b56hyCVeqo4mhxD.cs |
High entropy of concatenated method names: 'L2VOWS122e', 'e0JOACvmn6', 'JH3OQf8KJ5', 'l0pOsWDL3b', 'HFCO7ep4Xh', 'VePOiTR8oR', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, z5urZkslVeJkKSP9xS.cs |
High entropy of concatenated method names: 'l2EeT1qhRI', 'jYeebNyP8b', 'Cmle7GWpFr', 'OT6e54YlQW', 'lK0eAyVwwA', 'vv2eQSSfsl', 'nOfesef6a5', 'iCIeiMNFnj', 'lJdewQnU0s', 'q2HeCgVLQP' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, LpC6HlESRmbB0HCWjb.cs |
High entropy of concatenated method names: 'I1IrXvySP7', 'bPRrjLiKld', 'zIsrk9F5nP', 'GN0rKWEyxT', 'dO3r3vuvGE', 'kwvrSguksF', 'mHirH1VBOu', 'rwVOc3f1Eh', 'hFUOhxg0HP', 'quZOy4Json' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, FpLxU0USGQJ0hASUnF9.cs |
High entropy of concatenated method names: 'vyLrojyPsh', 'd6Wr1VCg7Y', 'twlrtyio0H', 'LMtrEGXROm', 'e4JrJ8F9g8', 'juxrlZSMbK', 'J8Hr0byZk5', 'iY4r946lWx', 'kTbrZnahfs', 'KErraLc6ld' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, EQSd2GR5QIKoQb3pwL.cs |
High entropy of concatenated method names: 'Dispose', 'FMbXyt4mVu', 'gB4LAHpEeU', 'XbiVVNu8KF', 'BaPXueQq8L', 'rdMXzu6F6m', 'ProcessDialogKey', 'hDoL4o7n0C', 'tI5LXTJfFI', 'mHSLLMvn5X' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, YytYwTXRVn7U81VOno.cs |
High entropy of concatenated method names: 'i0p37pHOV4', 'cqL35EtsJm', 'sDZ3noBtXj', 'Fpe3g5miCu', 'CEN3m3L8eX', 'sXF3RfPcUB', 'EZr3cbFn9p', 'mFo3hnHetx', 'QNh3y2YjO1', 'HYU3u0bxtc' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, VkYf5BPjdXsGlTY65o.cs |
High entropy of concatenated method names: 'SxIpEN6DTu', 'nckplmVpkn', 'SZIp9KW9iu', 'JffpZ40gCj', 'qohpeXV1ti', 'yvMpDKy4ev', 'LTppNWvUGU', 'ypOpOYiyNg', 'NI7pr08V0a', 'IFhp2ElSPx' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, MCfrSMWdlxWVY1IL1f.cs |
High entropy of concatenated method names: 'ID3I9I8why', 'sPsIZDLsUK', 'RjbIW0rOAZ', 'LHBIA7rIpf', 'q5pIsyM4ff', 'sC1IipnrZd', 'jwPICf1Uxx', 'QPwIGGvWyw', 'XaxITJdgdg', 'CRWIf1WYjN' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, boHndMrnP1k12e3lIF.cs |
High entropy of concatenated method names: 'a69Nh8xuT6', 'eHYNubMpPh', 'C37O4cOH0m', 'P1FOXmZ7Re', 'byHNfIywoB', 'oYUNbRyQaL', 'wUrNYDV574', 'q5XN7EYIHj', 'ICSN5RR8PQ', 'X5HNndBiEf' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, CFC8oSAR2QsHjWaGqv.cs |
High entropy of concatenated method names: 'gXXtV7N8f', 'VM9EyVCGl', 'gEDlu2red', 'MDQ0i5x24', 'FeqZNnCFY', 'pJGahV8rN', 'vLFOcvFxvkQxqmT7ZW', 'Mla4EfKO5pGeg00Eew', 'Br2OaRLQA', 'hay2g3TJH' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, J4ugg54wIbg5846ALq.cs |
High entropy of concatenated method names: 'la7Hq9VSxc', 'aOHH3yGFAY', 'ItIHS3DB6v', 'YJQH6lopwl', 'ErwHdj0tBY', 't9oSmkXEcX', 'MtPSRBLA0Y', 'kBpScqIPBb', 'XSUShWqoe0', 'WnNSyEt9bp' |
| Source: 0.2.PROFORMA FATURA.exe.a080000.6.raw.unpack, hIIN84dB4yLGgx3Xmo.cs |
High entropy of concatenated method names: 'KNFN8NcRIV', 'OvDNMdJccD', 'ToString', 'HSwNKchN9D', 'PYYN33RFbY', 'iYFNprc0lR', 'X0GNSISsMI', 'VpcNHWkyAr', 'yD1N6uIZ7j', 'SPfNdnynLO' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, g4Qs8M5oWwROxbKec3.cs |
High entropy of concatenated method names: 'fGG6ov0mZ1', 'z9861YA9qS', 'O8W6tBllRO', 'RZf6Ev8JCW', 'c1q6JVyrhH', 'qFy6l03KBO', 'v4E60y3waN', 'XgV69ehsdG', 'FLQ6ZwkB9k', 'QcI6aJgQw9' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, zgxQIxz5lAukYUxvcV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LYurI4lJjl', 'DZQre7PP7g', 'AetrDsDgK8', 'b1KrN59af1', 'SJmrOnkyC9', 'PAZrrXZ5KF', 'AFYr24Uy4L' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, JTnk9wqS5upEMWkVDI.cs |
High entropy of concatenated method names: 'GODHWatdyD3ai5D1mqb', 'wX7NoKtHR7EPQpZs1Cu', 'rl9HOgrwQ3', 'obXHrWJFf7', 'fOTH2E62eW', 'DNVxNAt0Ia2l0xdeW2U', 'g4ZJ6stceAIeDFVhj9b' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, SIM1vrU83M80n3ghnSU.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HHt27t0dj1', 'P6e25Aj47u', 'f822nRZ0KS', 'kry2gEkAIN', 'dFk2mY6FjV', 'hlY2RQK7k7', 'nn82crIklZ' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, a9Jf6RK6DvE2Wnfcjo.cs |
High entropy of concatenated method names: 'SgFOKOZ7jN', 'hdPO3nLxXA', 'IuCOpkPas1', 'nCWOSFBJaE', 'PrwOHREnrc', 'GqfO6MTlq0', 'xlFOd5LqVr', 'FcyOP1ioIq', 'bSVO8SuU9p', 'wNrOMyTk2S' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, KGrF0bFArvIPSaM0rx.cs |
High entropy of concatenated method names: 'j7R6KrOXAv', 'vlK6pleJPp', 'bDd6H6KmlL', 'pa4Hu9CPFO', 'Q6GHzydtKx', 'nTc64MpboE', 'C5f6X89O3m', 'FLo6LyareV', 'sdO6jnCGYy', 'uub6kiZVeu' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, EGW1In2sxEk72sqfx8.cs |
High entropy of concatenated method names: 'w8ijq3hQbi', 'RZjjKT3yWN', 'InBj3trNVt', 'frpjpLw6f9', 'GonjSyJEsT', 'nMojHN4oJc', 'a3rj6s71t0', 'BEPjdDGFqu', 'zfPjPpH7wZ', 'Fw3j85RExc' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, JGt8leideG3tEw3FFw.cs |
High entropy of concatenated method names: 'p8BX69Chcm', 'UdpXdAgx8X', 'pTdX8nRXOG', 'Y1DXM4BNDw', 'IPBXeP2W5U', 'V47XDb8nZZ', 'M7WVG0WMmBLAQT0Nk1', 'GrTuMf1AHyW0wtkhgm', 'kiVgIFkicWxHjSBOOQ', 'wITXXrC79k' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, qq8b56hyCVeqo4mhxD.cs |
High entropy of concatenated method names: 'L2VOWS122e', 'e0JOACvmn6', 'JH3OQf8KJ5', 'l0pOsWDL3b', 'HFCO7ep4Xh', 'VePOiTR8oR', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, z5urZkslVeJkKSP9xS.cs |
High entropy of concatenated method names: 'l2EeT1qhRI', 'jYeebNyP8b', 'Cmle7GWpFr', 'OT6e54YlQW', 'lK0eAyVwwA', 'vv2eQSSfsl', 'nOfesef6a5', 'iCIeiMNFnj', 'lJdewQnU0s', 'q2HeCgVLQP' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, LpC6HlESRmbB0HCWjb.cs |
High entropy of concatenated method names: 'I1IrXvySP7', 'bPRrjLiKld', 'zIsrk9F5nP', 'GN0rKWEyxT', 'dO3r3vuvGE', 'kwvrSguksF', 'mHirH1VBOu', 'rwVOc3f1Eh', 'hFUOhxg0HP', 'quZOy4Json' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, FpLxU0USGQJ0hASUnF9.cs |
High entropy of concatenated method names: 'vyLrojyPsh', 'd6Wr1VCg7Y', 'twlrtyio0H', 'LMtrEGXROm', 'e4JrJ8F9g8', 'juxrlZSMbK', 'J8Hr0byZk5', 'iY4r946lWx', 'kTbrZnahfs', 'KErraLc6ld' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, EQSd2GR5QIKoQb3pwL.cs |
High entropy of concatenated method names: 'Dispose', 'FMbXyt4mVu', 'gB4LAHpEeU', 'XbiVVNu8KF', 'BaPXueQq8L', 'rdMXzu6F6m', 'ProcessDialogKey', 'hDoL4o7n0C', 'tI5LXTJfFI', 'mHSLLMvn5X' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, YytYwTXRVn7U81VOno.cs |
High entropy of concatenated method names: 'i0p37pHOV4', 'cqL35EtsJm', 'sDZ3noBtXj', 'Fpe3g5miCu', 'CEN3m3L8eX', 'sXF3RfPcUB', 'EZr3cbFn9p', 'mFo3hnHetx', 'QNh3y2YjO1', 'HYU3u0bxtc' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, VkYf5BPjdXsGlTY65o.cs |
High entropy of concatenated method names: 'SxIpEN6DTu', 'nckplmVpkn', 'SZIp9KW9iu', 'JffpZ40gCj', 'qohpeXV1ti', 'yvMpDKy4ev', 'LTppNWvUGU', 'ypOpOYiyNg', 'NI7pr08V0a', 'IFhp2ElSPx' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, MCfrSMWdlxWVY1IL1f.cs |
High entropy of concatenated method names: 'ID3I9I8why', 'sPsIZDLsUK', 'RjbIW0rOAZ', 'LHBIA7rIpf', 'q5pIsyM4ff', 'sC1IipnrZd', 'jwPICf1Uxx', 'QPwIGGvWyw', 'XaxITJdgdg', 'CRWIf1WYjN' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, boHndMrnP1k12e3lIF.cs |
High entropy of concatenated method names: 'a69Nh8xuT6', 'eHYNubMpPh', 'C37O4cOH0m', 'P1FOXmZ7Re', 'byHNfIywoB', 'oYUNbRyQaL', 'wUrNYDV574', 'q5XN7EYIHj', 'ICSN5RR8PQ', 'X5HNndBiEf' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, CFC8oSAR2QsHjWaGqv.cs |
High entropy of concatenated method names: 'gXXtV7N8f', 'VM9EyVCGl', 'gEDlu2red', 'MDQ0i5x24', 'FeqZNnCFY', 'pJGahV8rN', 'vLFOcvFxvkQxqmT7ZW', 'Mla4EfKO5pGeg00Eew', 'Br2OaRLQA', 'hay2g3TJH' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, J4ugg54wIbg5846ALq.cs |
High entropy of concatenated method names: 'la7Hq9VSxc', 'aOHH3yGFAY', 'ItIHS3DB6v', 'YJQH6lopwl', 'ErwHdj0tBY', 't9oSmkXEcX', 'MtPSRBLA0Y', 'kBpScqIPBb', 'XSUShWqoe0', 'WnNSyEt9bp' |
| Source: 0.2.PROFORMA FATURA.exe.499d360.0.raw.unpack, hIIN84dB4yLGgx3Xmo.cs |
High entropy of concatenated method names: 'KNFN8NcRIV', 'OvDNMdJccD', 'ToString', 'HSwNKchN9D', 'PYYN33RFbY', 'iYFNprc0lR', 'X0GNSISsMI', 'VpcNHWkyAr', 'yD1N6uIZ7j', 'SPfNdnynLO' |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Process information set: NOOPENFILEERRORBOX |
|
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 3108 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4892 |
Thread sleep count: 6979 > 30 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4892 |
Thread sleep count: 240 > 30 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7028 |
Thread sleep time: -1844674407370954s >= -30000s |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 404 |
Thread sleep time: -1844674407370954s >= -30000s |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6268 |
Thread sleep time: -4611686018427385s >= -30000s |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2016 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep count: 36 > 30 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -33204139332677172s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -200000s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99874s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 4236 |
Thread sleep count: 5378 > 30 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 4236 |
Thread sleep count: 4439 > 30 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99765s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99654s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99531s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99421s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99312s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99203s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99093s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98980s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98859s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98749s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98640s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98531s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98403s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98296s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98186s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -98010s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97895s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97777s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97671s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97559s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97452s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97343s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97234s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97124s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -97015s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96906s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96796s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96687s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96577s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96468s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96359s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96249s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96140s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -96017s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -95906s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -95796s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -95678s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -95562s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -95446s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99890s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99781s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99672s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99547s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99437s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99328s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99218s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99109s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe TID: 6204 |
Thread sleep time: -99000s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 7100 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep count: 34 > 30 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -31359464925306218s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -100000s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99890s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 2848 |
Thread sleep count: 6586 > 30 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 2848 |
Thread sleep count: 3269 > 30 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99780s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99671s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99561s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99453s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99343s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99220s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99094s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98984s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98874s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98714s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98216s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98109s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97998s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97888s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97779s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97671s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97562s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97450s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97343s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97234s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97124s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -97015s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96906s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96797s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96687s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96578s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96468s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96359s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96250s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96140s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -96031s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -95921s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99984s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99875s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99765s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99656s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99547s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99437s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99328s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99218s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99109s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -99000s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98890s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98781s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98672s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98562s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98453s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98343s >= -30000s |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe TID: 5208 |
Thread sleep time: -98234s >= -30000s |
|
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 100000 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99874 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99765 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99654 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99531 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99421 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99312 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99203 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99093 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98980 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98859 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98749 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98640 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98531 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98403 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98296 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98186 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 98010 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97895 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97777 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97671 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97559 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97452 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97343 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97234 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97124 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 97015 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96906 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96796 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96687 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96577 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96468 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96359 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96249 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96140 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 96017 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 95906 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 95796 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 95678 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 95562 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 95446 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99890 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99781 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99672 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99547 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99437 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99328 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99218 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99109 |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Thread delayed: delay time: 99000 |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 922337203685477 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 100000 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99890 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99780 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99671 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99561 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99453 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99343 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99220 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99094 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98984 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98874 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98714 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98216 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98109 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97998 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97888 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97779 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97671 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97562 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97450 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97343 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97234 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97124 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 97015 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96906 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96797 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96687 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96578 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96468 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96359 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96250 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96140 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 96031 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 95921 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99984 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99875 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99765 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99656 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99547 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99437 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99328 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99218 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99109 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 99000 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98890 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98781 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98672 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98562 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98453 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98343 |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Thread delayed: delay time: 98234 |
|
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Users\user\Desktop\PROFORMA FATURA.exe VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Users\user\Desktop\PROFORMA FATURA.exe VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\PROFORMA FATURA.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe VolumeInformation |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
| Source: C:\Users\user\AppData\Roaming\GvgUQlbRIXOe.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet