Source: Telex06012020.xls, type: SAMPLE | Matched rule: PowerShell_in_Word_Doc date = 2017-06-27, author = Florian Roth, description = Detects a powershell and bypass keyword in a Word document, reference = Internal Research - ME, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 4fd4a7b5ef5443e939015276fc4bf8ffa6cf682dd95845ef10fdf8158fdd8905 |
Source: Telex06012020.xls, type: SAMPLE | Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score = |
Source: 00000016.00000002.944604602.0000000005292000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000012.00000003.779302580.00000000006C8000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000003.785520059.000000000062B000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000002.946480583.0000000003465000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000003.759722473.00000000061E3000.00000004.00000001.sdmp, type: MEMORY | Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score = |
Source: 00000013.00000000.780781628.0000000000443000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000003.785553106.000000000062C000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000012.00000003.781273040.00000000006C6000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000003.739726186.000000000071D000.00000004.00000001.sdmp, type: MEMORY | Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score = |
Source: 00000013.00000002.946136847.0000000002B8F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000012.00000000.764732381.0000000000443000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000002.939727802.000000000054F000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000003.785647201.000000000062C000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000001.781400247.000000000054F000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000013.00000001.781273752.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000013.00000001.781273752.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000013.00000002.939472829.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000013.00000002.939472829.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000002.783515823.0000000002C2F000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000012.00000002.783479226.0000000002AE0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000012.00000002.783479226.0000000002AE0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000003.780359821.00000000006E6000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000012.00000002.782434479.0000000000443000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: C:\Users\user\Desktop\DCC40000, type: DROPPED | Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score = |
Source: C:\Users\user\AppData\Local\Temp\Test1.txt, type: DROPPED | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: C:\Users\user\AppData\Local\Temp\Test1.txt, type: DROPPED | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: C:\Users\user\AppData\Local\Temp\Test3.jpg, type: DROPPED | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: C:\Users\user\AppData\Local\Temp\Test3.jpg, type: DROPPED | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.0.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.0.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 19.2.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 19.2.Test3.jpg.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 19.2.Test3.jpg.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.2.Test3.jpg.2ae0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 18.2.Test3.jpg.2ae0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.2.Test3.jpg.2ae0000.1.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.2.Test3.jpg.2ae0000.1.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 18.2.Test3.jpg.2ae0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 18.2.Test3.jpg.2ae0000.1.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 19.0.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.0.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.1.Test3.jpg.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 19.1.Test3.jpg.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 19.1.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.1.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 19.1.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 19.1.Test3.jpg.400000.0.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Test3.jpg | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VMNetworkAdapter |
Source: powershell.exe, 00000015.00000002.881477830.00000000059E6000.00000004.00000001.sdmp | Binary or memory string: Hyper-V |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: fOC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1h |
Source: powershell.exe, 00000015.00000002.881477830.00000000059E6000.00000004.00000001.sdmp | Binary or memory string: f:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMNetworkAdapterExtendedAcl |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: fKC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1h |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterTeamMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Connect-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VMNetworkAdapterExtendedAcl |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f(Set-VMNetworkAdapterRoutingDomainMapping |
Source: WMIC.exe, 00000011.00000002.766693060.0000000000B40000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f"Remove-VMNetworkAdapterExtendedAcl |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterTeamMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f(Set-VmNetworkAdapterRoutingDomainMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f)Get-VMNetworkAdapterFailoverConfigurationiape+ |
Source: powershell.exe, 00000003.00000003.742621081.0000000008D10000.00000004.00000001.sdmp | Binary or memory string: \??\C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\* |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterIsolation |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Test-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: )Get-VMNetworkAdapterFailoverConfiguration |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1 |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterRdma |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: (Set-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterAcl |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMNetworkAdapterTeamMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: )Set-VMNetworkAdapterFailoverConfiguration |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Rename-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterVlan |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterIsolation |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: (Add-VmNetworkAdapterRoutingDomainMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f(Add-VMNetworkAdapterRoutingDomainMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f)Get-VMNetworkAdapterFailoverConfiguration |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: "Remove-VMNetworkAdapterTeamMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMNetworkAdapterAcl |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VMScsiController |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VmNetworkAdapterIsolation |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VmNetworkAdapterRoutingDomainMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f)Set-VMNetworkAdapterFailoverConfiguration |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f"Remove-VMNetworkAdapterTeamMapping |
Source: WMIC.exe, 00000011.00000002.766693060.0000000000B40000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMScsiController |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterRdma |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterRoutingDomainMapping |
Source: WMIC.exe, 00000011.00000002.766693060.0000000000B40000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterVlan |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VmNetworkAdapterIsolation |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Disconnect-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: "Remove-VMNetworkAdapterExtendedAcl |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: KC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1 |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: +Remove-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: (Add-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: (Get-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1 |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VMNetworkAdapterAcl |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Set-VMNetworkAdapterFailoverConfiguration |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f+Remove-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Add-VmNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMScsiController |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f(Get-VMNetworkAdapterRoutingDomainMapping |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f+Remove-VMNetworkAdapterRoutingDomainMappingitpe+ |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: OC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1 |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMNetworkAdapter |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterFailoverConfiguration |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: (Set-VmNetworkAdapterRoutingDomainMapping |
Source: WMIC.exe, 00000011.00000002.766693060.0000000000B40000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: powershell.exe, 00000015.00000002.877685086.0000000005110000.00000004.00000001.sdmp | Binary or memory string: f(Add-VmNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Remove-VMNetworkAdapterRoutingDomainMapping |
Source: ModuleAnalysisCache.3.dr | Binary or memory string: Get-VMNetworkAdapterExtendedAcl |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |