Source: powershell.exe, 00000002.00000002.2094251518.0000000008B8C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microz;r |
Source: svchost.exe, 00000005.00000002.2392550483.0000022135C00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: qmgr.db.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: edb.log.5.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.2088496728.00000000061F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2084166984.00000000052E6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://s.symcd.com06 |
Source: powershell.exe, 00000002.00000002.2084166984.0000000005191000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: powershell.exe, 00000002.00000002.2084166984.00000000052E6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2094251518.0000000008B30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.coiJa |
Source: powershell.exe, 00000002.00000002.2084166984.0000000005191000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6 |
Source: wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/ |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/$ |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/( |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006ECD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/C |
Source: wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000002.2392316689.0000000006ED3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.bin |
Source: wab.exe, 0000000E.00000002.2393553213.0000000006EE9000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.2112888645.0000000006EE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.binW |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.binb |
Source: wab.exe, 0000000E.00000002.2393553213.0000000006EE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.bincf& |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.bing |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000003.1781879858.0000000006EAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/EnPWajJ251.binoE |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/lsel.sa.com/apwisulsel.sa.com5 |
Source: wab.exe, 0000000E.00000002.2392316689.0000000006EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apwisulsel.sa.com/r4 |
Source: powershell.exe, 00000002.00000002.2088496728.00000000061F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2088496728.00000000061F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2088496728.00000000061F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: Quotation.exe, Quotation.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod-C: |
Source: svchost.exe, 00000005.00000003.1202909008.0000022135BB2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C: |
Source: powershell.exe, 00000002.00000002.2084166984.00000000052E6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.2088496728.00000000061F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0835A678 | 2_2_0835A678 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0835BFA0 | 2_2_0835BFA0 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083521F8 | 2_2_083521F8 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_08352220 | 2_2_08352220 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0835BF90 | 2_2_0835BF90 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A29B8 | 2_2_083A29B8 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A45EA | 2_2_083A45EA |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A55E1 | 2_2_083A55E1 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083AE390 | 2_2_083AE390 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A5A80 | 2_2_083A5A80 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A7C50 | 2_2_083A7C50 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A8D28 | 2_2_083A8D28 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083A8330 | 2_2_083A8330 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083AE390 | 2_2_083AE390 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083AE380 | 2_2_083AE380 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083AD528 | 2_2_083AD528 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083F7BF0 | 2_2_083F7BF0 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083F7BE2 | 2_2_083F7BE2 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083F2698 | 2_2_083F2698 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083F2687 | 2_2_083F2687 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089AAF69 | 2_2_089AAF69 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089AAF69 | 2_2_089AAF69 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089BE108 | 2_2_089BE108 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B8380 | 2_2_089B8380 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089BA3A8 | 2_2_089BA3A8 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B9BA8 | 2_2_089B9BA8 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089BCDE0 | 2_2_089BCDE0 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089BB540 | 2_2_089BB540 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089BAD40 | 2_2_089BAD40 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B3EB0 | 2_2_089B3EB0 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B9640 | 2_2_089B9640 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B07C8 | 2_2_089B07C8 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089EC9A8 | 2_2_089EC9A8 |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: riched20.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: msls31.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_050B1CF7 pushad ; ret | 2_2_050B1D01 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_050B3FB1 push ecx; retf | 2_2_050B4005 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_083F8A06 push FFFFFF8Bh; iretd | 2_2_083F8A08 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_08899C47 push FFFFFF8Bh; retf | 2_2_08899C4C |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889DDCA push FFFFFF8Bh; iretd | 2_2_0889DDCE |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889E5C0 push eax; retf | 2_2_0889E5C9 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889E5D2 push eax; retf | 2_2_0889E5D4 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889E2B1 push eax; retf | 2_2_0889E2BA |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889E2C3 push eax; retf | 2_2_0889E2C5 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889DE15 push FFFFFF8Bh; iretd | 2_2_0889DE1A |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889EBCD push eax; retf | 2_2_0889EBD6 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_0889EBDF push eax; retf | 2_2_0889EBE1 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A9DDE push FFFFFF8Bh; iretd | 2_2_089A9DE0 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A9D31 push FFFFFF8Bh; iretd | 2_2_089A9D33 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A9E8B push FFFFFF8Bh; iretd | 2_2_089A9E8D |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A6E60 push eax; mov dword ptr [esp], edx | 2_2_089A7044 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A9FDF push FFFFFF8Bh; iretd | 2_2_089A9FE7 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089A9F38 push FFFFFF8Bh; iretd | 2_2_089A9F3A |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089AA038 push FFFFFF8Bh; iretd | 2_2_089AA03A |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B488D push 8B061F55h; iretd | 2_2_089B4892 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_089B4ABF push 8B061E9Bh; iretd | 2_2_089B4AC4 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D30DD8 push ebp; ret | 14_2_05D30DD9 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D2F3E9 push esi; retf | 14_2_05D2F3EA |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D3115E push ebp; ret | 14_2_05D3115F |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D2FB47 push edi; retf | 14_2_05D2FB49 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D2F166 push esi; retf | 14_2_05D2F16A |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D32165 push ebp; ret | 14_2_05D3216F |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D326DC push ebp; ret | 14_2_05D326DD |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D300F8 push ebp; ret | 14_2_05D300F9 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D2F2E9 push esi; retf | 14_2_05D2F2EA |
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_05D320EE push ebp; ret | 14_2_05D3216F |
Source: C:\Users\user\Desktop\Quotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Quotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |