Source: rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/ |
Source: Hkbsse.exe, 00000001.00000003.1696660497.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000001.00000003.1696660497.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/Plugins/clip64.dll |
Source: Hkbsse.exe, 00000001.00000003.1696660497.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/Plugins/clip64.dllndows.storage.dlll |
Source: Hkbsse.exe, 00000001.00000003.1696660497.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1944445331.00000265A3D88000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.4126034396.000000000354A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.4126034396.0000000003590000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.php |
Source: Hkbsse.exe, 00000001.00000003.1696660497.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.php?scr=1 |
Source: rundll32.exe, 00000005.00000002.1944445331.00000265A3DB2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1944445331.00000265A3DD3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.php?wal=1 |
Source: rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.php?wal=18 |
Source: rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.php?wal=1urn |
Source: rundll32.exe, 00000008.00000002.4126034396.000000000354A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/g9bkfkWf/index.phpk |
Source: rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/im |
Source: rundll32.exe, 00000005.00000002.1944678630.00000265A5C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.80.158.31/sP |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B4A36000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1923706296.000001A9C31D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3161000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3161000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/winsvr-2022-pshelp |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B4734000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX |
Source: powershell.exe, 00000009.00000002.1923706296.000001A9C31D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000009.00000002.1923706296.000001A9C31D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000009.00000002.1923706296.000001A9C31D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B3388000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000009.00000002.1900026260.000001A9B4A36000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1923706296.000001A9C31D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_006FB219 | 0_2_006FB219 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_00715054 | 0_2_00715054 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0073B17B | 0_2_0073B17B |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0073C240 | 0_2_0073C240 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0073B29B | 0_2_0073B29B |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_007366F0 | 0_2_007366F0 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_00714865 | 0_2_00714865 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_00717843 | 0_2_00717843 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0072B8A3 | 0_2_0072B8A3 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0073AA29 | 0_2_0073AA29 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_006F4AF0 | 0_2_006F4AF0 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_00719BE5 | 0_2_00719BE5 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_00736B88 | 0_2_00736B88 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_006F4C70 | 0_2_006F4C70 |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_006F4E70 | 0_2_006F4E70 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00165054 | 2_2_00165054 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0018B17B | 2_2_0018B17B |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0018C240 | 2_2_0018C240 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0018B29B | 2_2_0018B29B |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_001866F0 | 2_2_001866F0 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00167843 | 2_2_00167843 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00164865 | 2_2_00164865 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0017B8A3 | 2_2_0017B8A3 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0018AA29 | 2_2_0018AA29 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00144AF0 | 2_2_00144AF0 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00186B88 | 2_2_00186B88 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00169BE5 | 2_2_00169BE5 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00144C70 | 2_2_00144C70 |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_00144E70 | 2_2_00144E70 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 8_2_6C833140 | 8_2_6C833140 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 8_2_6C8422C1 | 8_2_6C8422C1 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B4C77F8 | 9_2_00007FFD9B4C77F8 |
Source: unknown | Process created: C:\Users\user\Desktop\I7GcHDtUIF.exe "C:\Users\user\Desktop\I7GcHDtUIF.exe" | |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Process created: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | |
Source: C:\Windows\System32\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll, Main | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Process created: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll, Main | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: mstask.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: dui70.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: duser.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: chartv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: atlthunk.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: windows.fileexplorer.common.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nettrace.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wcnnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0071136C push ecx; ret | 0_2_0071137F |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Code function: 0_2_0070049B push ds; retf 0000h | 0_2_0070049F |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0016136C push ecx; ret | 2_2_0016137F |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Code function: 2_2_0015049B push ds; retf 0000h | 2_2_0015049F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 8_2_6C8375A6 push ecx; ret | 8_2_6C8375B9 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B4B28FA push ebx; iretd | 9_2_00007FFD9B4B290A |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B4B2785 push ebx; iretd | 9_2_00007FFD9B4B290A |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58BBCA push ss; ret | 9_2_00007FFD9B58BBD5 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B584BCA push ss; ret | 9_2_00007FFD9B584BCC |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B584BD0 push ss; ret | 9_2_00007FFD9B584BD9 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58B2CA push esi; retf | 9_2_00007FFD9B58B2CB |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58CACC push eax; retf 0000h | 9_2_00007FFD9B58CAD5 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B5812CF push ss; ret | 9_2_00007FFD9B5812D1 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58CAA8 push 140000C9h; retf 0000h | 9_2_00007FFD9B58CAB1 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58CA8A push esi; retf | 9_2_00007FFD9B58CA8B |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58B260 push ss; ret | 9_2_00007FFD9B58B263 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B586340 push eax; retf | 9_2_00007FFD9B58634B |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B584B05 push ss; ret | 9_2_00007FFD9B584B0B |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B5862DE push ss; ret | 9_2_00007FFD9B5862E0 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58AA1B push ss; ret | 9_2_00007FFD9B58AA1E |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58221A push esi; retf | 9_2_00007FFD9B58221B |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B5888B2 push esi; retf | 9_2_00007FFD9B5888B3 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58185F push ss; ret | 9_2_00007FFD9B581861 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B589942 push ss; ret | 9_2_00007FFD9B589944 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B5837A8 push eax; retf | 9_2_00007FFD9B5837B3 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B582F98 push ss; ret | 9_2_00007FFD9B582F9A |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58CF60 push eax; iretd | 9_2_00007FFD9B58CF61 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58285C push ss; ret | 9_2_00007FFD9B582865 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B582856 push ss; ret | 9_2_00007FFD9B582858 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B58AFFA push ss; ret | 9_2_00007FFD9B58AFFD |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 9_2_00007FFD9B586E64 push ss; ret | 9_2_00007FFD9B586E6C |
Source: C:\Users\user\Desktop\I7GcHDtUIF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\XZXHAVGRAG.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: Yara match | File source: I7GcHDtUIF.exe, type: SAMPLE |
Source: Yara match | File source: 8.2.rundll32.exe.6c830000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.I7GcHDtUIF.exe.6f0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.0.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.I7GcHDtUIF.exe.6f0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.Hkbsse.exe.140000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.1665054167.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.1669548119.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000000.1659071184.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000000.2288882399.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.2290214428.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.1664512178.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.1667726403.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.1692138583.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.4126459506.000000006C831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.1689588542.0000000000141000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, type: DROPPED |