Source: svchost.exe, 00000024.00000003.1426512052.000002B805E10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Passport.NET/STS |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd |
Source: svchost.exe, 00000024.00000003.1360706982.000002B805729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1390230532.000002B80572F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1380858399.000002B805729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1390230532.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Passport.NET/tb |
Source: svchost.exe, 00000024.00000003.1390016964.000002B804EE4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2516290801.000002B804EE1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Passport.NET/tb_ |
Source: svchost.exe, 00000024.00000002.2518501231.000002B805C59000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2519109221.000002B805CB3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Passport.NET/tbpose |
Source: svchost.exe, 00000024.00000002.2518170013.000002B805C13000.00000004.00000020.00020000.00000000.sdmp, 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.36.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab |
Source: svchost.exe, 00000024.00000002.2515299531.000002B804E73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1425819438.000002B804E72000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01 |
Source: svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1389451722.000002B805735000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd |
Source: svchost.exe, 00000024.00000002.2517767699.000002B805778000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426108352.000002B805776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd( |
Source: svchost.exe, 00000024.00000003.1360706982.000002B805729000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdesA |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdesEncr |
Source: svchost.exe, 00000024.00000002.2517767699.000002B805778000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426108352.000002B805776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdonMe |
Source: svchost.exe, 00000024.00000003.1425060202.000002B805783000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sod |
Source: svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1389451722.000002B805735000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd( |
Source: svchost.exe, 00000024.00000002.2517767699.000002B805778000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426108352.000002B805776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd. |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0nw |
Source: svchost.exe, 00000024.00000002.2517767699.000002B805778000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426108352.000002B805776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426050902.000002B805775000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA |
Source: svchost.exe, 00000024.00000003.1360706982.000002B805729000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA |
Source: svchost.exe, 00000024.00000003.1389377028.000002B805735000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1399093323.000002B805735000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1389451722.000002B805735000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdpServ |
Source: svchost.exe, 00000024.00000003.1400049966.000002B805774000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds |
Source: svchost.exe, 00000024.00000002.2519461243.000002B805CF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1426345130.000002B805C44000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2518233779.000002B805C37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2519335064.000002B805CD4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1402825732.000002B80570F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID |
Source: AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.000000000325C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: svchost.exe, 00000011.00000002.1465404864.000001FC9F1C1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1472724735.0000000000402000.00000040.00000400.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.000000000325C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002C06000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032AF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.bonnyriggdentalsurgery.com.au |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://passport.net/tb |
Source: AddInProcess32.exe, 0000001A.00000002.1477526079.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005FA4000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002C06000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1647286453.0000000005EB2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2515186191.0000000001154000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000114B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000115C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0T |
Source: AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005F80000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1477526079.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005FA4000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002C06000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1647286453.0000000005EB2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2515186191.0000000001154000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000114B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000115C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: svchost.exe, 00000024.00000002.2517369366.000002B805737000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous |
Source: svchost.exe, 00000024.00000002.2517123888.000002B805713000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy |
Source: svchost.exe, 00000024.00000002.2517123888.000002B805713000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc |
Source: svchost.exe, 00000024.00000002.2517369366.000002B805737000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scon |
Source: svchost.exe, 00000024.00000002.2517472650.000002B80575F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scrf |
Source: svchost.exe, 00000024.00000003.1434799034.000002B805766000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scs-cbc |
Source: svchost.exe, 00000024.00000002.2517880244.000002B805791000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1425939517.000002B80578D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scyc= |
Source: svchost.exe, 00000024.00000002.2517880244.000002B805791000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515299531.000002B804E73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2517472650.000002B80575F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2517369366.000002B805737000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2518883672.000002B805C9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1425939517.000002B80578D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2517123888.000002B805713000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust |
Source: svchost.exe, 00000024.00000003.1360706982.000002B805729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1390230532.000002B80572F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1380858399.000002B805729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1390230532.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue |
Source: svchost.exe, 00000024.00000002.2518501231.000002B805C59000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue |
Source: svchost.exe, 00000024.00000002.2517675071.000002B80576F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1434712094.000002B80576E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue1 |
Source: svchost.exe, 00000024.00000002.2517675071.000002B80576F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1434712094.000002B80576E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue |
Source: svchost.exe, 00000024.00000002.2517369366.000002B805737000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trustnce |
Source: Quotation Order.exe, 00000000.00000002.1287260691.000002598039A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.000000000325C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: svchost.exe, 00000008.00000002.2513040274.0000029957118000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2511975756.0000029956887000.00000004.00000020.00020000.00000000.sdmp, regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.8.dr |
String found in binary or memory: http://standards.iso.org/iso/19770/-2/2009/schema.xsd |
Source: Amcache.hve.35.dr |
String found in binary or memory: http://upx.sf.net |
Source: svchost.exe, 00000003.00000002.1365924349.00000215E6C13000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.bingmapsportal.com |
Source: AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.microsoft.co4 |
Source: AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005F80000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1477526079.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005FA4000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002C06000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1647286453.0000000005EB2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1622449138.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000114B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2543008151.0000000006260000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005F80000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1477526079.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005FA4000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1487009646.0000000002C06000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1647286453.0000000005EB2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1622449138.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000001F.00000002.1627243849.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2520439287.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2517527074.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2513830671.000000000114B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000038.00000002.2543008151.0000000006260000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: svchost.exe, 00000011.00000002.1465404864.000001FC9F1C1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 0000001A.00000002.1472724735.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603 |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604 |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359102832.000002B805757000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/msangcwam |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.live.com/msangcwamvice |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366155272.00000215E6C59000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/ |
Source: svchost.exe, 00000003.00000002.1366447349.00000215E6C63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations |
Source: svchost.exe, 00000003.00000003.1363757483.00000215E6C67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366478054.00000215E6C68000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/ |
Source: svchost.exe, 00000003.00000003.1362941126.00000215E6C74000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366539238.00000215E6C76000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/ |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1363814571.00000215E6C62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364259093.00000215E6C5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366447349.00000215E6C63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations |
Source: svchost.exe, 00000003.00000003.1363757483.00000215E6C67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365960193.00000215E6C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366478054.00000215E6C68000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/ |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking |
Source: svchost.exe, 00000003.00000002.1366055215.00000215E6C3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1363814571.00000215E6C62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366447349.00000215E6C63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ |
Source: svchost.exe, 00000003.00000002.1366055215.00000215E6C3F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/ |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx |
Source: svchost.exe, 00000003.00000003.1363814571.00000215E6C62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366447349.00000215E6C63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? |
Source: svchost.exe, 00000003.00000003.1364293174.00000215E6C4A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= |
Source: svchost.exe, 00000003.00000002.1366055215.00000215E6C3F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= |
Source: svchost.exe, 00000003.00000003.1363814571.00000215E6C62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366447349.00000215E6C63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= |
Source: svchost.exe, 00000003.00000002.1366086819.00000215E6C44000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364324633.00000215E6C43000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r= |
Source: svchost.exe, 00000003.00000002.1366539238.00000215E6C76000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.t |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx |
Source: svchost.exe, 00000003.00000003.1362821532.00000215E6C33000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/ |
Source: svchost.exe, 00000003.00000003.1363757483.00000215E6C67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365960193.00000215E6C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366478054.00000215E6C68000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 00000024.00000002.2516513363.000002B804F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2519109221.000002B805CB3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: svchost.exe, 00000024.00000002.2518170013.000002B805C13000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ApproveSession.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ApproveSession.srfe.com |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601 |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502 |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600 |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ListSessions.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ManageApprover.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ManageLoginKeys.srf |
Source: svchost.exe, 00000024.00000003.1390016964.000002B804EE4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515392408.000002B804E81000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2518233779.000002B805C37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2516290801.000002B804EE1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/RST2.srf |
Source: svchost.exe, 00000024.00000002.2516290801.000002B804EE1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/RST2.srf$V |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/didtou.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/didtou.srfo.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/getrealminfo.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/getuserrealm.srf |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsec |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srfIssuerP |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srftificates |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604 |
Source: svchost.exe, 00000024.00000003.1359171467.000002B80576B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf |
Source: svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603 |
Source: svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606 |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607 |
Source: svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359102832.000002B805757000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608 |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp |
Source: svchost.exe, 00000024.00000003.1358375444.000002B80575A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp |
Source: svchost.exe, 00000024.00000003.1359383817.000002B805756000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1358393670.000002B805752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359532181.000002B80572A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605 |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf |
Source: svchost.exe, 00000024.00000002.2519246321.000002B805CBF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf3 |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/resetpw.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/retention.srf |
Source: svchost.exe, 00000024.00000002.2518633439.000002B805C7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515629844.000002B804E9B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com:443/RST2.srf |
Source: svchost.exe, 00000024.00000002.2516513363.000002B804F13000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.comwwCP= |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/MSARST2.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfi |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2517369366.000002B805737000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf( |
Source: svchost.exe, 00000024.00000003.1359125029.000002B805740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000002.2515177417.000002B804E60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359150126.000002B805763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf7 |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf |
Source: svchost.exe, 00000024.00000002.2515032763.000002B804E40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf |
Source: svchost.exe, 00000024.00000003.1359079202.000002B80573B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://signup.live.com/signup.aspx |
Source: svchost.exe, 00000003.00000003.1364324633.00000215E6C43000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx |
Source: svchost.exe, 00000003.00000003.1364293174.00000215E6C4A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= |
Source: svchost.exe, 00000003.00000003.1364293174.00000215E6C4A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= |
Source: svchost.exe, 00000003.00000003.1363948684.00000215E6C5D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= |
Source: svchost.exe, 00000003.00000002.1365960193.00000215E6C2B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen |
Source: svchost.exe, 00000003.00000003.1364013063.00000215E6C58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366155272.00000215E6C59000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north= |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19CEC99 |
0_2_00007FF7C19CEC99 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19C8DB8 |
0_2_00007FF7C19C8DB8 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19C4600 |
0_2_00007FF7C19C4600 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19D4D25 |
0_2_00007FF7C19D4D25 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19CBD30 |
0_2_00007FF7C19CBD30 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19C2528 |
0_2_00007FF7C19C2528 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19CC111 |
0_2_00007FF7C19CC111 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19C44B0 |
0_2_00007FF7C19C44B0 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19C8EF0 |
0_2_00007FF7C19C8EF0 |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Code function: 0_2_00007FF7C19D4DB4 |
0_2_00007FF7C19D4DB4 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19BEC99 |
15_2_00007FF7C19BEC99 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19B44B0 |
15_2_00007FF7C19B44B0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19B8EF0 |
15_2_00007FF7C19B8EF0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19B4671 |
15_2_00007FF7C19B4671 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19B8DB8 |
15_2_00007FF7C19B8DB8 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19C4D25 |
15_2_00007FF7C19C4D25 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19BBD30 |
15_2_00007FF7C19BBD30 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19B2528 |
15_2_00007FF7C19B2528 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19BC111 |
15_2_00007FF7C19BC111 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C19C4DB4 |
15_2_00007FF7C19C4DB4 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 15_2_00007FF7C1A90D71 |
15_2_00007FF7C1A90D71 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C1988EF0 |
17_2_00007FF7C1988EF0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C1984671 |
17_2_00007FF7C1984671 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C1988DB8 |
17_2_00007FF7C1988DB8 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C198BD30 |
17_2_00007FF7C198BD30 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C1982528 |
17_2_00007FF7C1982528 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C198EC99 |
17_2_00007FF7C198EC99 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C19844B0 |
17_2_00007FF7C19844B0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C198C111 |
17_2_00007FF7C198C111 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C19874F0 |
17_2_00007FF7C19874F0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 17_2_00007FF7C1A60D71 |
17_2_00007FF7C1A60D71 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011EB070 |
26_2_011EB070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011EB4C8 |
26_2_011EB4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011E4AD8 |
26_2_011E4AD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011EEF00 |
26_2_011EEF00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011E3EC0 |
26_2_011E3EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_011E4208 |
26_2_011E4208 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_0649C480 |
26_2_0649C480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_0649ABF8 |
26_2_0649ABF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B65E8 |
26_2_064B65E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B55A8 |
26_2_064B55A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064BB228 |
26_2_064BB228 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B2360 |
26_2_064B2360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064BC170 |
26_2_064BC170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B7D78 |
26_2_064B7D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B7698 |
26_2_064B7698 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064BE398 |
26_2_064BE398 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B0040 |
26_2_064B0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B5CF0 |
26_2_064B5CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_069A34D0 |
26_2_069A34D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 26_2_064B0006 |
26_2_064B0006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CCB190 |
31_2_00CCB190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CCA908 |
31_2_00CCA908 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CC4AD8 |
31_2_00CC4AD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CC3EC0 |
31_2_00CC3EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CCEFE8 |
31_2_00CCEFE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_00CC4208 |
31_2_00CC4208 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_06287D78 |
31_2_06287D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_062855A8 |
31_2_062855A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_062865E8 |
31_2_062865E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_0628B228 |
31_2_0628B228 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_06282360 |
31_2_06282360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_0628C170 |
31_2_0628C170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_06287698 |
31_2_06287698 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_06285CF0 |
31_2_06285CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_0628E398 |
31_2_0628E398 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_06280040 |
31_2_06280040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 31_2_0628003B |
31_2_0628003B |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19A4671 |
38_2_00007FF7C19A4671 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19A8DB8 |
38_2_00007FF7C19A8DB8 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19ABD30 |
38_2_00007FF7C19ABD30 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19A2528 |
38_2_00007FF7C19A2528 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19AEC99 |
38_2_00007FF7C19AEC99 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19A44B0 |
38_2_00007FF7C19A44B0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19AC111 |
38_2_00007FF7C19AC111 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C19A8EF0 |
38_2_00007FF7C19A8EF0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 38_2_00007FF7C1A80D71 |
38_2_00007FF7C1A80D71 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_012BB4B8 |
43_2_012BB4B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_012B4AD8 |
43_2_012B4AD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_012BEF00 |
43_2_012BEF00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_012B3EC0 |
43_2_012B3EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_012B4208 |
43_2_012B4208 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06697D78 |
43_2_06697D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_066965E8 |
43_2_066965E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_066955A8 |
43_2_066955A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_0669B217 |
43_2_0669B217 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06693068 |
43_2_06693068 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_0669C170 |
43_2_0669C170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06697698 |
43_2_06697698 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06695CDF |
43_2_06695CDF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06692353 |
43_2_06692353 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_0669E398 |
43_2_0669E398 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06690040 |
43_2_06690040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_0669003F |
43_2_0669003F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 43_2_06690006 |
43_2_06690006 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C191EC99 |
52_2_00007FF7C191EC99 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C19144B0 |
52_2_00007FF7C19144B0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C19174F0 |
52_2_00007FF7C19174F0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1918DB8 |
52_2_00007FF7C1918DB8 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1918DC0 |
52_2_00007FF7C1918DC0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1914600 |
52_2_00007FF7C1914600 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1924D25 |
52_2_00007FF7C1924D25 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1912528 |
52_2_00007FF7C1912528 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C191BD30 |
52_2_00007FF7C191BD30 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C191C111 |
52_2_00007FF7C191C111 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C19259C9 |
52_2_00007FF7C19259C9 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C192597D |
52_2_00007FF7C192597D |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C19194D8 |
52_2_00007FF7C19194D8 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1918EF0 |
52_2_00007FF7C1918EF0 |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Code function: 52_2_00007FF7C1924DB4 |
52_2_00007FF7C1924DB4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0144B4C8 |
56_2_0144B4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_01444AD8 |
56_2_01444AD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0144EF00 |
56_2_0144EF00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_01443EC0 |
56_2_01443EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_01444208 |
56_2_01444208 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0622C480 |
56_2_0622C480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0622AF14 |
56_2_0622AF14 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0622E290 |
56_2_0622E290 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0622AF08 |
56_2_0622AF08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0622ABF8 |
56_2_0622ABF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06247D78 |
56_2_06247D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_062455A8 |
56_2_062455A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_062465E8 |
56_2_062465E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0624B228 |
56_2_0624B228 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06242360 |
56_2_06242360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0624C170 |
56_2_0624C170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06247698 |
56_2_06247698 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06245CF0 |
56_2_06245CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_0624E398 |
56_2_0624E398 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06240040 |
56_2_06240040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 56_2_06240006 |
56_2_06240006 |
Source: unknown |
Process created: C:\Users\user\Desktop\Quotation Order.exe "C:\Users\user\Desktop\Quotation Order.exe" |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp25B.tmp.bat"" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\timeout.exe timeout 3 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\svchost.exe C:\Users\user\AppData\Roaming\svchost.exe |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup |
|
Source: C:\Windows\System32\conhost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 428 -p 8072 -ip 8072 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8072 -s 1276 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Windows\System32\conhost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 212 -p 8164 -ip 8164 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8164 -s 1688 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Windows\System32\conhost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 552 -p 7412 -ip 7412 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7412 -s 1648 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe "C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe" |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp25B.tmp.bat"" |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\timeout.exe timeout 3 |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 428 -p 8072 -ip 8072 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8072 -s 1276 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 212 -p 8164 -ip 8164 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8164 -s 1688 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 552 -p 7412 -ip 7412 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7412 -s 1648 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: unknown unknown |
|
Source: C:\Windows\System32\svchost.exe |
Process created: unknown unknown |
|
Source: C:\Windows\System32\WerFault.exe |
Process created: unknown unknown |
|
Source: C:\Windows\System32\WerFault.exe |
Process created: unknown unknown |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
|
Source: C:\Windows\System32\WerFault.exe |
Process created: unknown unknown |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: moshost.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mapsbtsvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mosstorage.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ztrace_maps.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ztrace_maps.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mapconfiguration.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: storsvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: fltlib.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: bcd.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: appxdeploymentclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: storageusage.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: aphostservice.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: networkhelper.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userdataplatformhelperutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: syncutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mccspal.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dmcfgutils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dmcmnutils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dmxmlhelputils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: inproclogger.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: flightsettings.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: windows.networking.connectivity.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: npmproxy.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msv1_0.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntlmshared.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptdll.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: synccontroller.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: pimstore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: aphostclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: accountaccessor.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mccsengineshared.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dsclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cemapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userdatalanguageutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userdatatypehelperutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: phoneutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: systemeventsusererclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: execmodelproxy.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Section loaded: cmdext.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\timeout.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: version.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rasapi32.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rasman.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rtutils.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: mswsock.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: winhttp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: dhcpcsvc6.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: dhcpcsvc.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: winnsi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: vaultcli.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: wintypes.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: schannel.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: wersvc.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: windowsperformancerecordercontrol.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: weretw.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: xmllite.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: faultrep.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbghelp.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbgcore.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Users\user\Desktop\Quotation Order.exe TID: 7476 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996 |
Thread sleep time: -5534023222112862s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8088 |
Thread sleep time: -6456360425798339s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -14757395258967632s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -100000s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 7940 |
Thread sleep count: 1269 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99891s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 7940 |
Thread sleep count: 2907 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99766s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99651s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99531s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99422s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99141s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -99031s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -98916s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -96602s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -96485s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -96326s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -96157s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -96000s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95891s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95767s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95649s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95531s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95418s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95297s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8020 |
Thread sleep time: -95188s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -21213755684765971s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -100000s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 4656 |
Thread sleep count: 4527 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99890s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99781s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99671s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99563s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99453s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99343s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99234s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -99123s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98997s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98891s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98766s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98651s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98547s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98438s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 4656 |
Thread sleep count: 936 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98317s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98188s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -98078s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97953s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97844s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97735s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97625s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97515s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97405s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97296s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97188s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7888 |
Thread sleep time: -97076s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2596 |
Thread sleep time: -4611686018427385s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2092 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -13835058055282155s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -100000s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 4232 |
Thread sleep count: 2388 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99868s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99730s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99610s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 4232 |
Thread sleep count: 2139 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99485s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99359s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99244s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99137s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -99017s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98891s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98782s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98658s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98532s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98422s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98298s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98172s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -98047s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97938s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97813s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97704s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97579s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97454s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -97329s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2988 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe TID: 4200 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2956 |
Thread sleep time: -1844674407370954s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4760 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2732 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -10145709240540247s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -100000s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6368 |
Thread sleep count: 2134 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99884s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99778s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99672s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6368 |
Thread sleep count: 2482 > 30 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99553s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99422s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99313s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99188s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -99063s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98953s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98844s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98704s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98578s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98469s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98335s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98219s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -98110s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97985s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97860s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97735s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97610s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97485s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -97360s >= -30000s |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8016 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\Desktop\Quotation Order.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 100000 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99891 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99766 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99651 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99531 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99422 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99141 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99031 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98916 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 96602 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 96485 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 96326 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 96157 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 96000 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95891 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95767 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95649 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95531 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95418 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95297 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 95188 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 100000 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99890 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99781 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99671 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99563 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99453 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99343 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99234 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99123 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98997 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98891 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98766 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98651 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98547 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98438 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98317 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98188 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98078 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97953 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97844 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97735 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97625 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97515 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97405 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97296 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97188 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97076 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 100000 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99868 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99730 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99610 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99485 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99359 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99244 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99137 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 99017 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98891 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98782 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98658 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98532 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98422 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98298 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98172 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 98047 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97938 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97813 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97704 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97579 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97454 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 97329 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 100000 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99884 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99778 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99672 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99553 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99422 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99313 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99188 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 99063 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98953 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98844 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98704 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98578 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98469 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98335 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98219 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 98110 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97985 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97860 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97735 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97610 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97485 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 97360 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Thread delayed: delay time: 922337203685477 |
|
Source: Amcache.hve.35.dr |
Binary or memory string: VMware |
Source: Quotation Order.exe, 00000000.00000002.1287260691.0000025980041000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.1482838005.00000153C05A1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.1454297088.000001FC8F1F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000026.00000002.1488978955.0000026BB4BCE000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: QEMUP |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: "SOFTWARE\VMware, Inc.\VMware ToolsP |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Amcache.hve.35.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: svchost.exe, 00000024.00000002.2516165987.000002B804ED4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: svchost.exe, 00000005.00000002.2514862826.00000202B728E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: Amcache.hve.35.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.35.dr |
Binary or memory string: vmci.sys |
Source: svchost.exe, 00000005.00000002.2513844364.00000202B724E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: CasPol.exe, 00000038.00000002.2517527074.0000000003282000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWAREHS |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware20,1 |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: &C:\WINDOWS\system32\drivers\vmhgfs.sysP |
Source: Amcache.hve.35.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.35.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.35.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.35.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: AddInProcess32.exe, 0000001A.00000002.1513494565.0000000005FA4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.35.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWAREP |
Source: svchost.exe, 00000024.00000002.2514904148.000002B804E2B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW~ |
Source: svchost.exe, 00000005.00000002.2513550566.00000202B722B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: @\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: CasPol.exe, 00000038.00000002.2543008151.0000000006260000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD |
Source: Amcache.hve.35.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: svchost.exe, 00000005.00000002.2514331338.00000202B7264000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: $@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmwareP |
Source: Amcache.hve.35.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware, Inc. |
Source: svchost.exe, 00000005.00000002.2514513323.00000202B7281000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware20,1hbin@ |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: )C:\WINDOWS\system32\drivers\VBoxMouse.sysP |
Source: Amcache.hve.35.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.35.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.35.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: %C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\P |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA II |
Source: Amcache.hve.35.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.35.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA IIP |
Source: CasPol.exe, 0000001F.00000002.1647286453.0000000005EB2000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000002B.00000002.2543086036.0000000006090000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: 'C:\WINDOWS\system32\drivers\vmmouse.sysP |
Source: svchost.exe, 00000011.00000002.1472279913.000001FCA7B72000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: Amcache.hve.35.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.35.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: svchost.exe, 00000005.00000002.2513550566.00000202B722B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB9BBE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Amcache.hve.35.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: svchost.exe, 00000024.00000003.1399478264.000002B805C44000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: NXTVMWare |
Source: Amcache.hve.35.dr |
Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0 |
Source: AddInProcess32.exe, 0000001A.00000002.1472724735.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem |
Source: svchost.exe, 00000005.00000002.2512648304.00000202B7202000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc |
Source: Amcache.hve.35.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: svchost.exe, 00000005.00000002.2513844364.00000202B724E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: svchost.exe, 00000034.00000002.1652420227.000002DFB97A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: "SOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Quotation Order.exe |
Queries volume information: C:\Users\user\Desktop\Quotation Order.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C: VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C: VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe |
Queries volume information: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\avdfUcC\avdfUcC.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\svchost.exe |
Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|