Source: NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.0000000003381000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.0000000003381000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crt0 |
Source: NXPYoHNSgv.exe, 00000005.00000002.4620367075.0000000003381000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl0H |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/RapidSSLGlobalc |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl0 |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0Q |
Source: NXPYoHNSgv.exe, 00000000.00000002.2153199131.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.0000000003381000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.0000000003381000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006B63000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4626980162.0000000006BAD000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4616510584.0000000001547000.00000004.00000020.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: NXPYoHNSgv.exe, 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033CD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: NXPYoHNSgv.exe, 00000005.00000002.4620367075.00000000033EC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_02DDD55C |
0_2_02DDD55C |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07538BD8 |
0_2_07538BD8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07533470 |
0_2_07533470 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07532C00 |
0_2_07532C00 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_075354C8 |
0_2_075354C8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_075354B8 |
0_2_075354B8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07530006 |
0_2_07530006 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07533038 |
0_2_07533038 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 0_2_07535090 |
0_2_07535090 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_03215362 |
5_2_03215362 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321D278 |
5_2_0321D278 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_03217118 |
5_2_03217118 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321C148 |
5_2_0321C148 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321A088 |
5_2_0321A088 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321C738 |
5_2_0321C738 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321C468 |
5_2_0321C468 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321CA08 |
5_2_0321CA08 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_032169B0 |
5_2_032169B0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321E988 |
5_2_0321E988 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321CFAB |
5_2_0321CFAB |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321CCD8 |
5_2_0321CCD8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321F631 |
5_2_0321F631 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_03213AA1 |
5_2_03213AA1 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321FA88 |
5_2_0321FA88 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0321E97B |
5_2_0321E97B |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_032129EC |
5_2_032129EC |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_032139EF |
5_2_032139EF |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_03213E09 |
5_2_03213E09 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC1E80 |
5_2_06FC1E80 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC17A0 |
5_2_06FC17A0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC0B30 |
5_2_06FC0B30 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC9C70 |
5_2_06FC9C70 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC5028 |
5_2_06FC5028 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC2968 |
5_2_06FC2968 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC9548 |
5_2_06FC9548 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCEAF8 |
5_2_06FCEAF8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCE6B0 |
5_2_06FCE6B0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCE6AF |
5_2_06FCE6AF |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCE6A0 |
5_2_06FCE6A0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC1E74 |
5_2_06FC1E74 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC1E70 |
5_2_06FC1E70 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCE258 |
5_2_06FCE258 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCE249 |
5_2_06FCE249 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCDE00 |
5_2_06FCDE00 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCF3B8 |
5_2_06FCF3B8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC8BA0 |
5_2_06FC8BA0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC1798 |
5_2_06FC1798 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC8B95 |
5_2_06FC8B95 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC8B90 |
5_2_06FC8B90 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC178F |
5_2_06FC178F |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCEF60 |
5_2_06FCEF60 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCEF51 |
5_2_06FCEF51 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC9328 |
5_2_06FC9328 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC0B20 |
5_2_06FC0B20 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCEB08 |
5_2_06FCEB08 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCD0F8 |
5_2_06FCD0F8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCCCA0 |
5_2_06FCCCA0 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC9C6D |
5_2_06FC9C6D |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCFC68 |
5_2_06FCFC68 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCFC5F |
5_2_06FCFC5F |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC0040 |
5_2_06FC0040 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC5025 |
5_2_06FC5025 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC001E |
5_2_06FC001E |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC501B |
5_2_06FC501B |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCF810 |
5_2_06FCF810 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCF801 |
5_2_06FCF801 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCDDFE |
5_2_06FCDDFE |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCD9A8 |
5_2_06FCD9A8 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCD999 |
5_2_06FCD999 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC295B |
5_2_06FC295B |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCD550 |
5_2_06FCD550 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FC9540 |
5_2_06FC9540 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_06FCD540 |
5_2_06FCD540 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_0719BE50 |
5_2_0719BE50 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Code function: 5_2_07195878 |
5_2_07195878 |
Source: 0.2.NXPYoHNSgv.exe.402d9e0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.NXPYoHNSgv.exe.402d9e0.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.NXPYoHNSgv.exe.402d9e0.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 5.2.NXPYoHNSgv.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 5.2.NXPYoHNSgv.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.NXPYoHNSgv.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.NXPYoHNSgv.exe.4071400.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.NXPYoHNSgv.exe.402d9e0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.NXPYoHNSgv.exe.402d9e0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000005.00000002.4614455750.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2155642817.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2155642817.0000000003E09000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: NXPYoHNSgv.exe PID: 1036, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: NXPYoHNSgv.exe PID: 7000, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, NwjUkYRhiPbBYX4Oni.cs |
High entropy of concatenated method names: 'Dispose', 'k7fWbFH3tU', 'TLVChmiNFA', 'CNwHHBhxLj', 'sTKWEDA4WR', 'kyhWzeC6jd', 'ProcessDialogKey', 'MCiCQMlxVD', 'tOMCW3J9pV', 'SltCCXZn5Q' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, AMpeOLxWWVXed15Rjv.cs |
High entropy of concatenated method names: 'ToString', 'GnFo98CTIf', 'D4OohJv35X', 'uBnoev1iYR', 'AA4o4VGt2c', 'eesoFGMfIp', 'znooAqJKNB', 'rVLo5GqGLq', 'Os8ol5utK6', 'X7xoDs7Wpo' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, LUP0OQ4ibQ0iEvSMlh.cs |
High entropy of concatenated method names: 'TdQjq5py2r', 'T1MjdZAPff', 'cwjjB4j1uP', 'eEUjmVpCVu', 'LMejJSWTp8', 'K6yjaDgKkG', 'DZBjKAPcZ7', 'NcAjpYY9WC', 'txX0Rw35lvPAMqr24r0', 'NyiBH93E93eC8ZXvQFU' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, TYUqd0pPkDFMPFLRHL.cs |
High entropy of concatenated method names: 'zu7XTICENi', 'gsSXaGY7FX', 'iZpkeOxKos', 'yhok4rZvol', 'c3XkFCArMK', 'McukAFM9U4', 'B20k5y9Cef', 'E7CklAcGJu', 'gcnkDNP8VL', 'z3nkrjZN7v' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, f36uE85AbUbcp2P0xd.cs |
High entropy of concatenated method names: 'RJeigbUcQD', 'a1cikJwjQq', 'BBMijQI2iF', 'mM3jEcEjZx', 'nDZjzD4ZTF', 'cSSiQbWWZ2', 'PwJiWldnak', 'EhUiC1qERZ', 'hC4i6r77xl', 'MT4iIhoiXV' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, cBr4uhCU8o8Cy8bf2T.cs |
High entropy of concatenated method names: 'JeBBW5rd2', 'MOymKCdeX', 'zR4Jx94S7', 'pJiaDlK4S', 'TQCKI5NrF', 'Mkdp37s2o', 'IOyRnxIsDk27LLXGn6', 'XU6wGd0pmf26TO5B2D', 'p1yZyAmBr', 'BH7PxsCGs' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, o1d9gStgXVOlEGar3e.cs |
High entropy of concatenated method names: 'psfjshgaOZ', 'PFYjRg07HF', 'SXyjX4gAoo', 'Gp1jiAN9cL', 'wy4jOtUQd7', 'aEBXyONbN6', 'oCDXVneKMq', 'nyUXNU4Yl0', 'fB3XvmXyoB', 'd94Xbsl0id' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, aRwY22Vs0Gal2sm3Ao.cs |
High entropy of concatenated method names: 'TPrnvJuTsx', 'op2nEThVt7', 'IYAZQ4tOfN', 'LFjZWHVurs', 'Tphn9oysW6', 'k6rn3UBhJG', 'tKBnMFFRuo', 'P0MnYCptpn', 'DpInH0D0x5', 'KYEnxQIvYY' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, D1Xaa2kb4p1B4Tw15W.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'yAQCb5hS6l', 'KtkCEsYuXR', 'xqhCzuZ1Ql', 'X276QJQ4vB', 'x6L6WxhikG', 'oKs6CL6Pr3', 'vFq665xxKp', 'TlC7eQJB2GuLdeLo0N2' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, NSqt8wWQ2RrVNunr9qC.cs |
High entropy of concatenated method names: 'nYEUdGWIq0', 'QBbU02dcqB', 'FSaUB5gTCS', 'o3AUm5fhFY', 'JvWUTPN1m9', 'NV5UJGasKL', 'OgcUafgMNi', 'w27USQjrtN', 'ICIUKCCXWb', 'T5gUppjTGq' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, jMlxVDb7OM3J9pVxlt.cs |
High entropy of concatenated method names: 'c07Zt3UlHb', 's9nZhetuqX', 'vRhZegZWNK', 'FJJZ4Q23r9', 'TpoZYL4AJL', 'yOTZFb1Y6G', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, XGFAS78spoJBcDbmwR.cs |
High entropy of concatenated method names: 'eUAncETVhn', 'XIqnfpNKR3', 'ToString', 'Ea5ng0KJTp', 'dcFnRNOhKT', 'NYKnkGfEKK', 'SBpnXvHPlm', 'VuLnjZNbLt', 'xSRnicmMpX', 'aDZnOes3Km' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, hZn5QLEbNAmkl46PVu.cs |
High entropy of concatenated method names: 'Ap5UWwR1DB', 'QDiU6KvI8f', 'Hj2UI0cbvV', 'EZsUgkj0Aj', 'umTURv1YN4', 'xfRUX5PDou', 'd9xUjuh4tY', 'wu4ZN974W5', 'YSAZvNCPUY', 'p7JZb3Jne5' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, BKDA4WvROyheC6jdlC.cs |
High entropy of concatenated method names: 'f2EZgn1cgf', 'DqGZRHaKAV', 'jSAZkC5g5q', 'zG7ZXPRlIp', 'CRnZj1oYxD', 'W9pZiVZYE8', 'WZvZOG1gB9', 'AbxZwqUr2T', 'MBhZcrKONf', 'MGmZfc7c17' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, EI9VY7W6CndmTPHTju9.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QqNPYCkFgg', 'dalPHWhknr', 'wdxPxvmUnB', 'obxP8dpaip', 'xghPyK1lu7', 'IyFPV1lyh7', 'rfRPNNwl9q' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, IFqjIiKhx4dgIGrjAv.cs |
High entropy of concatenated method names: 'D2Ykmppgjp', 'Re2kJJW8wl', 'KJVkSBGIi8', 'LNIkKmHFIG', 'tBFkLPAjdt', 'ohkkoDDOsm', 'HDDknhqQLu', 'EJ2kZE83ru', 'cECkUCQTun', 'yCIkPGEYEO' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, yEojYxIQkDkYwMfXZl.cs |
High entropy of concatenated method names: 'upQWiLPFeb', 'XotWO9WYKQ', 'jhxWc4dgIG', 'NjAWfv8YUq', 'JLRWLHLL1d', 'OgSWogXVOl', 'a2qVSbW86td4nghNCJ', 'DUuROCT55Lrxg3pOmD', 'HqwWWgEo8F', 'CDeW6PfT3T' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, aLPFebSbot9WYKQxSZ.cs |
High entropy of concatenated method names: 'ECYRYrbR3j', 'FyoRH847w5', 'lAlRx8eKw5', 'aHpR8E7qi1', 'qrFRyCeIST', 'AjORVb66IE', 'fHARNnL469', 'W2NRvKNhvn', 'ei4Rbw51s8', 'CftREyLudR' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, G1Nsw9DieHrvsA5hvT.cs |
High entropy of concatenated method names: 'wkuidIT7h1', 'ypli0o453a', 'OwfiBg8Cd6', 'F9wimfX4Ie', 'Qc6iTCjfkK', 'KeQiJpt9dl', 'fobiakKxQ2', 'MhOiShl1DS', 'xYLiKf8OsK', 'BQTippNqyK' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, KEObGFMDeIOfWIcUYG.cs |
High entropy of concatenated method names: 'Q271Sgqyyc', 'OAS1KfimiV', 'kvm1tAQUCy', 'LcZ1hdaoWr', 'TWr14wMVwF', 'L1A1F9iSbS', 'qxd15ilv5j', 'yb31ltvbKN', 'v0n1repiVH', 'ChU19XaMFA' |
Source: 0.2.NXPYoHNSgv.exe.7460000.6.raw.unpack, RVlDSAOxRVyxPMKF9i.cs |
High entropy of concatenated method names: 'QVQ6sRo4Qc', 'uP86gZ5IM0', 'Nek6RGR836', 'tRV6kZMrP2', 'uGb6X81rUj', 'Mfp6jsEgaJ', 'nqT6ijfA2J', 'Ajt6ObMokK', 'uwL6w8sKxi', 'w7L6cSV64g' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, NwjUkYRhiPbBYX4Oni.cs |
High entropy of concatenated method names: 'Dispose', 'k7fWbFH3tU', 'TLVChmiNFA', 'CNwHHBhxLj', 'sTKWEDA4WR', 'kyhWzeC6jd', 'ProcessDialogKey', 'MCiCQMlxVD', 'tOMCW3J9pV', 'SltCCXZn5Q' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, AMpeOLxWWVXed15Rjv.cs |
High entropy of concatenated method names: 'ToString', 'GnFo98CTIf', 'D4OohJv35X', 'uBnoev1iYR', 'AA4o4VGt2c', 'eesoFGMfIp', 'znooAqJKNB', 'rVLo5GqGLq', 'Os8ol5utK6', 'X7xoDs7Wpo' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, LUP0OQ4ibQ0iEvSMlh.cs |
High entropy of concatenated method names: 'TdQjq5py2r', 'T1MjdZAPff', 'cwjjB4j1uP', 'eEUjmVpCVu', 'LMejJSWTp8', 'K6yjaDgKkG', 'DZBjKAPcZ7', 'NcAjpYY9WC', 'txX0Rw35lvPAMqr24r0', 'NyiBH93E93eC8ZXvQFU' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, TYUqd0pPkDFMPFLRHL.cs |
High entropy of concatenated method names: 'zu7XTICENi', 'gsSXaGY7FX', 'iZpkeOxKos', 'yhok4rZvol', 'c3XkFCArMK', 'McukAFM9U4', 'B20k5y9Cef', 'E7CklAcGJu', 'gcnkDNP8VL', 'z3nkrjZN7v' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, f36uE85AbUbcp2P0xd.cs |
High entropy of concatenated method names: 'RJeigbUcQD', 'a1cikJwjQq', 'BBMijQI2iF', 'mM3jEcEjZx', 'nDZjzD4ZTF', 'cSSiQbWWZ2', 'PwJiWldnak', 'EhUiC1qERZ', 'hC4i6r77xl', 'MT4iIhoiXV' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, cBr4uhCU8o8Cy8bf2T.cs |
High entropy of concatenated method names: 'JeBBW5rd2', 'MOymKCdeX', 'zR4Jx94S7', 'pJiaDlK4S', 'TQCKI5NrF', 'Mkdp37s2o', 'IOyRnxIsDk27LLXGn6', 'XU6wGd0pmf26TO5B2D', 'p1yZyAmBr', 'BH7PxsCGs' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, o1d9gStgXVOlEGar3e.cs |
High entropy of concatenated method names: 'psfjshgaOZ', 'PFYjRg07HF', 'SXyjX4gAoo', 'Gp1jiAN9cL', 'wy4jOtUQd7', 'aEBXyONbN6', 'oCDXVneKMq', 'nyUXNU4Yl0', 'fB3XvmXyoB', 'd94Xbsl0id' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, aRwY22Vs0Gal2sm3Ao.cs |
High entropy of concatenated method names: 'TPrnvJuTsx', 'op2nEThVt7', 'IYAZQ4tOfN', 'LFjZWHVurs', 'Tphn9oysW6', 'k6rn3UBhJG', 'tKBnMFFRuo', 'P0MnYCptpn', 'DpInH0D0x5', 'KYEnxQIvYY' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, D1Xaa2kb4p1B4Tw15W.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'yAQCb5hS6l', 'KtkCEsYuXR', 'xqhCzuZ1Ql', 'X276QJQ4vB', 'x6L6WxhikG', 'oKs6CL6Pr3', 'vFq665xxKp', 'TlC7eQJB2GuLdeLo0N2' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, NSqt8wWQ2RrVNunr9qC.cs |
High entropy of concatenated method names: 'nYEUdGWIq0', 'QBbU02dcqB', 'FSaUB5gTCS', 'o3AUm5fhFY', 'JvWUTPN1m9', 'NV5UJGasKL', 'OgcUafgMNi', 'w27USQjrtN', 'ICIUKCCXWb', 'T5gUppjTGq' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, jMlxVDb7OM3J9pVxlt.cs |
High entropy of concatenated method names: 'c07Zt3UlHb', 's9nZhetuqX', 'vRhZegZWNK', 'FJJZ4Q23r9', 'TpoZYL4AJL', 'yOTZFb1Y6G', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, XGFAS78spoJBcDbmwR.cs |
High entropy of concatenated method names: 'eUAncETVhn', 'XIqnfpNKR3', 'ToString', 'Ea5ng0KJTp', 'dcFnRNOhKT', 'NYKnkGfEKK', 'SBpnXvHPlm', 'VuLnjZNbLt', 'xSRnicmMpX', 'aDZnOes3Km' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, hZn5QLEbNAmkl46PVu.cs |
High entropy of concatenated method names: 'Ap5UWwR1DB', 'QDiU6KvI8f', 'Hj2UI0cbvV', 'EZsUgkj0Aj', 'umTURv1YN4', 'xfRUX5PDou', 'd9xUjuh4tY', 'wu4ZN974W5', 'YSAZvNCPUY', 'p7JZb3Jne5' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, BKDA4WvROyheC6jdlC.cs |
High entropy of concatenated method names: 'f2EZgn1cgf', 'DqGZRHaKAV', 'jSAZkC5g5q', 'zG7ZXPRlIp', 'CRnZj1oYxD', 'W9pZiVZYE8', 'WZvZOG1gB9', 'AbxZwqUr2T', 'MBhZcrKONf', 'MGmZfc7c17' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, EI9VY7W6CndmTPHTju9.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QqNPYCkFgg', 'dalPHWhknr', 'wdxPxvmUnB', 'obxP8dpaip', 'xghPyK1lu7', 'IyFPV1lyh7', 'rfRPNNwl9q' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, IFqjIiKhx4dgIGrjAv.cs |
High entropy of concatenated method names: 'D2Ykmppgjp', 'Re2kJJW8wl', 'KJVkSBGIi8', 'LNIkKmHFIG', 'tBFkLPAjdt', 'ohkkoDDOsm', 'HDDknhqQLu', 'EJ2kZE83ru', 'cECkUCQTun', 'yCIkPGEYEO' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, yEojYxIQkDkYwMfXZl.cs |
High entropy of concatenated method names: 'upQWiLPFeb', 'XotWO9WYKQ', 'jhxWc4dgIG', 'NjAWfv8YUq', 'JLRWLHLL1d', 'OgSWogXVOl', 'a2qVSbW86td4nghNCJ', 'DUuROCT55Lrxg3pOmD', 'HqwWWgEo8F', 'CDeW6PfT3T' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, aLPFebSbot9WYKQxSZ.cs |
High entropy of concatenated method names: 'ECYRYrbR3j', 'FyoRH847w5', 'lAlRx8eKw5', 'aHpR8E7qi1', 'qrFRyCeIST', 'AjORVb66IE', 'fHARNnL469', 'W2NRvKNhvn', 'ei4Rbw51s8', 'CftREyLudR' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, G1Nsw9DieHrvsA5hvT.cs |
High entropy of concatenated method names: 'wkuidIT7h1', 'ypli0o453a', 'OwfiBg8Cd6', 'F9wimfX4Ie', 'Qc6iTCjfkK', 'KeQiJpt9dl', 'fobiakKxQ2', 'MhOiShl1DS', 'xYLiKf8OsK', 'BQTippNqyK' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, KEObGFMDeIOfWIcUYG.cs |
High entropy of concatenated method names: 'Q271Sgqyyc', 'OAS1KfimiV', 'kvm1tAQUCy', 'LcZ1hdaoWr', 'TWr14wMVwF', 'L1A1F9iSbS', 'qxd15ilv5j', 'yb31ltvbKN', 'v0n1repiVH', 'ChU19XaMFA' |
Source: 0.2.NXPYoHNSgv.exe.3f146c0.4.raw.unpack, RVlDSAOxRVyxPMKF9i.cs |
High entropy of concatenated method names: 'QVQ6sRo4Qc', 'uP86gZ5IM0', 'Nek6RGR836', 'tRV6kZMrP2', 'uGb6X81rUj', 'Mfp6jsEgaJ', 'nqT6ijfA2J', 'Ajt6ObMokK', 'uwL6w8sKxi', 'w7L6cSV64g' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, NwjUkYRhiPbBYX4Oni.cs |
High entropy of concatenated method names: 'Dispose', 'k7fWbFH3tU', 'TLVChmiNFA', 'CNwHHBhxLj', 'sTKWEDA4WR', 'kyhWzeC6jd', 'ProcessDialogKey', 'MCiCQMlxVD', 'tOMCW3J9pV', 'SltCCXZn5Q' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, AMpeOLxWWVXed15Rjv.cs |
High entropy of concatenated method names: 'ToString', 'GnFo98CTIf', 'D4OohJv35X', 'uBnoev1iYR', 'AA4o4VGt2c', 'eesoFGMfIp', 'znooAqJKNB', 'rVLo5GqGLq', 'Os8ol5utK6', 'X7xoDs7Wpo' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, LUP0OQ4ibQ0iEvSMlh.cs |
High entropy of concatenated method names: 'TdQjq5py2r', 'T1MjdZAPff', 'cwjjB4j1uP', 'eEUjmVpCVu', 'LMejJSWTp8', 'K6yjaDgKkG', 'DZBjKAPcZ7', 'NcAjpYY9WC', 'txX0Rw35lvPAMqr24r0', 'NyiBH93E93eC8ZXvQFU' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, TYUqd0pPkDFMPFLRHL.cs |
High entropy of concatenated method names: 'zu7XTICENi', 'gsSXaGY7FX', 'iZpkeOxKos', 'yhok4rZvol', 'c3XkFCArMK', 'McukAFM9U4', 'B20k5y9Cef', 'E7CklAcGJu', 'gcnkDNP8VL', 'z3nkrjZN7v' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, f36uE85AbUbcp2P0xd.cs |
High entropy of concatenated method names: 'RJeigbUcQD', 'a1cikJwjQq', 'BBMijQI2iF', 'mM3jEcEjZx', 'nDZjzD4ZTF', 'cSSiQbWWZ2', 'PwJiWldnak', 'EhUiC1qERZ', 'hC4i6r77xl', 'MT4iIhoiXV' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, cBr4uhCU8o8Cy8bf2T.cs |
High entropy of concatenated method names: 'JeBBW5rd2', 'MOymKCdeX', 'zR4Jx94S7', 'pJiaDlK4S', 'TQCKI5NrF', 'Mkdp37s2o', 'IOyRnxIsDk27LLXGn6', 'XU6wGd0pmf26TO5B2D', 'p1yZyAmBr', 'BH7PxsCGs' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, o1d9gStgXVOlEGar3e.cs |
High entropy of concatenated method names: 'psfjshgaOZ', 'PFYjRg07HF', 'SXyjX4gAoo', 'Gp1jiAN9cL', 'wy4jOtUQd7', 'aEBXyONbN6', 'oCDXVneKMq', 'nyUXNU4Yl0', 'fB3XvmXyoB', 'd94Xbsl0id' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, aRwY22Vs0Gal2sm3Ao.cs |
High entropy of concatenated method names: 'TPrnvJuTsx', 'op2nEThVt7', 'IYAZQ4tOfN', 'LFjZWHVurs', 'Tphn9oysW6', 'k6rn3UBhJG', 'tKBnMFFRuo', 'P0MnYCptpn', 'DpInH0D0x5', 'KYEnxQIvYY' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, D1Xaa2kb4p1B4Tw15W.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'yAQCb5hS6l', 'KtkCEsYuXR', 'xqhCzuZ1Ql', 'X276QJQ4vB', 'x6L6WxhikG', 'oKs6CL6Pr3', 'vFq665xxKp', 'TlC7eQJB2GuLdeLo0N2' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, NSqt8wWQ2RrVNunr9qC.cs |
High entropy of concatenated method names: 'nYEUdGWIq0', 'QBbU02dcqB', 'FSaUB5gTCS', 'o3AUm5fhFY', 'JvWUTPN1m9', 'NV5UJGasKL', 'OgcUafgMNi', 'w27USQjrtN', 'ICIUKCCXWb', 'T5gUppjTGq' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, jMlxVDb7OM3J9pVxlt.cs |
High entropy of concatenated method names: 'c07Zt3UlHb', 's9nZhetuqX', 'vRhZegZWNK', 'FJJZ4Q23r9', 'TpoZYL4AJL', 'yOTZFb1Y6G', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, XGFAS78spoJBcDbmwR.cs |
High entropy of concatenated method names: 'eUAncETVhn', 'XIqnfpNKR3', 'ToString', 'Ea5ng0KJTp', 'dcFnRNOhKT', 'NYKnkGfEKK', 'SBpnXvHPlm', 'VuLnjZNbLt', 'xSRnicmMpX', 'aDZnOes3Km' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, hZn5QLEbNAmkl46PVu.cs |
High entropy of concatenated method names: 'Ap5UWwR1DB', 'QDiU6KvI8f', 'Hj2UI0cbvV', 'EZsUgkj0Aj', 'umTURv1YN4', 'xfRUX5PDou', 'd9xUjuh4tY', 'wu4ZN974W5', 'YSAZvNCPUY', 'p7JZb3Jne5' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, BKDA4WvROyheC6jdlC.cs |
High entropy of concatenated method names: 'f2EZgn1cgf', 'DqGZRHaKAV', 'jSAZkC5g5q', 'zG7ZXPRlIp', 'CRnZj1oYxD', 'W9pZiVZYE8', 'WZvZOG1gB9', 'AbxZwqUr2T', 'MBhZcrKONf', 'MGmZfc7c17' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, EI9VY7W6CndmTPHTju9.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QqNPYCkFgg', 'dalPHWhknr', 'wdxPxvmUnB', 'obxP8dpaip', 'xghPyK1lu7', 'IyFPV1lyh7', 'rfRPNNwl9q' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, IFqjIiKhx4dgIGrjAv.cs |
High entropy of concatenated method names: 'D2Ykmppgjp', 'Re2kJJW8wl', 'KJVkSBGIi8', 'LNIkKmHFIG', 'tBFkLPAjdt', 'ohkkoDDOsm', 'HDDknhqQLu', 'EJ2kZE83ru', 'cECkUCQTun', 'yCIkPGEYEO' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, yEojYxIQkDkYwMfXZl.cs |
High entropy of concatenated method names: 'upQWiLPFeb', 'XotWO9WYKQ', 'jhxWc4dgIG', 'NjAWfv8YUq', 'JLRWLHLL1d', 'OgSWogXVOl', 'a2qVSbW86td4nghNCJ', 'DUuROCT55Lrxg3pOmD', 'HqwWWgEo8F', 'CDeW6PfT3T' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, aLPFebSbot9WYKQxSZ.cs |
High entropy of concatenated method names: 'ECYRYrbR3j', 'FyoRH847w5', 'lAlRx8eKw5', 'aHpR8E7qi1', 'qrFRyCeIST', 'AjORVb66IE', 'fHARNnL469', 'W2NRvKNhvn', 'ei4Rbw51s8', 'CftREyLudR' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, G1Nsw9DieHrvsA5hvT.cs |
High entropy of concatenated method names: 'wkuidIT7h1', 'ypli0o453a', 'OwfiBg8Cd6', 'F9wimfX4Ie', 'Qc6iTCjfkK', 'KeQiJpt9dl', 'fobiakKxQ2', 'MhOiShl1DS', 'xYLiKf8OsK', 'BQTippNqyK' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, KEObGFMDeIOfWIcUYG.cs |
High entropy of concatenated method names: 'Q271Sgqyyc', 'OAS1KfimiV', 'kvm1tAQUCy', 'LcZ1hdaoWr', 'TWr14wMVwF', 'L1A1F9iSbS', 'qxd15ilv5j', 'yb31ltvbKN', 'v0n1repiVH', 'ChU19XaMFA' |
Source: 0.2.NXPYoHNSgv.exe.40bdee0.2.raw.unpack, RVlDSAOxRVyxPMKF9i.cs |
High entropy of concatenated method names: 'QVQ6sRo4Qc', 'uP86gZ5IM0', 'Nek6RGR836', 'tRV6kZMrP2', 'uGb6X81rUj', 'Mfp6jsEgaJ', 'nqT6ijfA2J', 'Ajt6ObMokK', 'uwL6w8sKxi', 'w7L6cSV64g' |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599125 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598905 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598453 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598117 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597890 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597765 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597641 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597281 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597171 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597059 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596281 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596156 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596047 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595937 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595828 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595609 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595500 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595265 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595155 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594995 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594437 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594312 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594203 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594093 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 593984 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 593875 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 6432 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4876 |
Thread sleep time: -2767011611056431s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -29514790517935264s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -600000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599890s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599781s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599671s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599562s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599453s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599343s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599234s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599125s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -599015s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598905s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598781s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598671s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598562s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598453s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598343s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598234s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598117s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -598015s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597890s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597765s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597641s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597390s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597281s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597171s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -597059s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596937s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596828s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596718s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596609s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596500s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596390s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596281s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596156s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -596047s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595937s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595828s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595718s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595609s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595500s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595390s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595265s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -595155s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594995s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594718s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594437s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594312s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594203s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -594093s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -593984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe TID: 5800 |
Thread sleep time: -593875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599125 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598905 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598453 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598117 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597890 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597765 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597641 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597281 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597171 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 597059 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596281 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596156 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 596047 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595937 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595828 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595609 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595500 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595390 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595265 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 595155 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594995 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594718 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594437 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594312 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594203 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 594093 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 593984 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Thread delayed: delay time: 593875 |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Users\user\Desktop\NXPYoHNSgv.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Users\user\Desktop\NXPYoHNSgv.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\NXPYoHNSgv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |