Source: |
Binary string: rsaenh.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp, svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: anagement.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: wbemcomn.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdbk source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: moryProtection.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb8 source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ml.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: clr.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: .ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: cryptsp.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdbA source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: ility.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbst source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdbSystem\7957F23F\svchost.PDBn source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 7B71FC14.exe, 0000000E.00000000.393050188.00000000009FD000.00000002.00020000.sdmp, 7B71FC14.exe, 00000017.00000000.407144547.00000000004ED000.00000002.00020000.sdmp, wid3i48Egy.exe, 0000001B.00000000.435110036.000000000084D000.00000002.00020000.sdmp, svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp, svchost.exe, 00000022.00000000.460168602.000000000021D000.00000002.00020000.sdmp |
Source: |
Binary string: crypt32.pdb; source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ole32.pdbu source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: indows.Forms.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdbE source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: i.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: anagement.pdb{{!V source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: mscoree.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WLDP.pdbG source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdbk source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb@1d source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: (POltC:\Windows\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: version.pdbS source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: clrcompression.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbI source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.pdb source: wid3i48Egy.exe, 00000001.00000002.455483465.000000000302E000.00000004.00000001.sdmp, WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdbg source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: C:\Program Files\Common Files\System\7957F23F\svchost.PDB source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Drawing.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: System.Management.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: KC:\Users\user\Desktop\wid3i48Egy.PDB source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: t.PythonTools.XamlDesignerSupport.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: wintrust.pdb7 source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Accessibility.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Amsi.pdbO source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: (P*ltC:\Windows\Microsoft.PythonTools.XamlDesignerSupport.pdb source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: ml.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: WinTypes.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WMINet_Utils.pdb) source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: rsaenh.pdby source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Accessibility.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Windows\Resources\new\Repo\Debug\private\RUNPE\JabrezRPE\JabrezRPE\obj\Debug\RunPE_MemoryProtection.pdb source: wid3i48Egy.exe, 00000001.00000002.472144141.0000000004008000.00000004.00000001.sdmp, svchost.exe, 0000001E.00000003.555361080.0000000004C44000.00000004.00000001.sdmp |
Source: |
Binary string: rawing.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.Management.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: mscorlib.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: wwin32u.pdba source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: s.pdb source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: wbemprox.pdb1 source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbg source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Core.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: clrjit.pdb] source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: diasymreader.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdbQVisual source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: comctl32v582.pdb) source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wmiutils.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.ni.pdbT3 source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.Xml.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb4437-8B11-F424491E3931}\Servererver32x7Bix7Bi source: wid3i48Egy.exe, 00000001.00000002.495583184.0000000006628000.00000004.00000001.sdmp |
Source: |
Binary string: Accessibility.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Drawing.pdbS source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: AdvancedRun.exe, 00000003.00000000.361426173.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000004.00000000.364896267.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000021.00000000.454092205.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.482058843.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000024.00000000.472401551.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000025.00000002.481100139.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000026.00000002.488960045.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.495638853.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000037.00000002.602930696.000000000040C000.00000002.00020000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: WLDP.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wid3i48Egy.PDB source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: clrjit.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: ZlC:\Users\user\Desktop\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: fastprox.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wbemsvc.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdbdb" source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: version.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: RunPE_MemoryProtection.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: onfiguration.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdbdb. source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: wintrust.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: rawing.pdb{{!V source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ore.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: wid3i48Egy.exe, 00000001.00000002.455483465.000000000302E000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdbk source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: ore.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ml.pdb, source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000001F.00000003.478972347.0000000004C00000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: psapi.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WMINet_Utils.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: cldapi.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001F.00000003.478301698.0000000004D11000.00000004.00000040.sdmp |
Source: |
Binary string: mscoreei.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Amsi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Management.pdbS source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.Drawing.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdbk source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.Xml.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000001F.00000003.478301698.0000000004D11000.00000004.00000040.sdmp |
Source: |
Binary string: ore.pdbk source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: svchost.PDB source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: untime.Remoting.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: wbemprox.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: edputil.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: unknown |
Process created: C:\Users\user\Desktop\wid3i48Egy.exe 'C:\Users\user\Desktop\wid3i48Egy.exe' |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe' /SpecialRun 4101d8 6616 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\Desktop\wid3i48Egy.exe C:\Users\user\Desktop\wid3i48Egy.exe |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4808 -ip 4808 |
|
Source: unknown |
Process created: C:\Program Files\Common Files\system\7957F23F\svchost.exe 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 2192 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: unknown |
Process created: C:\Program Files\Common Files\system\7957F23F\svchost.exe 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe' /SpecialRun 4101d8 160 |
|
Source: C:\Windows\System32\conhost.exe |
Process created: C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe' /SpecialRun 4101d8 6628 |
|
Source: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe' /SpecialRun 4101d8 6792 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Program Files\Common Files\system\7957F23F\svchost.exe C:\Program Files\Common Files\System\7957F23F\svchost.exe |
|
Source: C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe' /SpecialRun 4101d8 6168 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4592 -ip 4592 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7036 -ip 7036 |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wid3i48Egy.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process created: C:\Users\user\Desktop\wid3i48Egy.exe C:\Users\user\Desktop\wid3i48Egy.exe |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe' /SpecialRun 4101d8 6616 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4808 -ip 4808 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 2192 |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process created: unknown unknown |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\System\7957F23F\svchost.exe' -Force |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Process created: C:\Program Files\Common Files\system\7957F23F\svchost.exe C:\Program Files\Common Files\System\7957F23F\svchost.exe |
|
Source: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ea0fb9e7-7fff-4d3b-8736-3e1f935afa8e\AdvancedRun.exe' /SpecialRun 4101d8 6792 |
|
Source: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\9d867b4e-5195-4596-afb6-59f3900a9b34\AdvancedRun.exe' /SpecialRun 4101d8 160 |
|
Source: C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\a9800ad9-c2cc-4c67-8ff4-d2bc72b8dec6\AdvancedRun.exe' /SpecialRun 4101d8 6628 |
|
Source: C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe |
Process created: C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1e4f62ac-bca5-4600-b04a-d7891f7e2c9c\AdvancedRun.exe' /SpecialRun 4101d8 6168 |
|
Source: |
Binary string: rsaenh.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp, svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: anagement.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: wbemcomn.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdbk source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: moryProtection.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb8 source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ml.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: clr.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: .ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: cryptsp.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdbA source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: ility.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbst source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdbSystem\7957F23F\svchost.PDBn source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 7B71FC14.exe, 0000000E.00000000.393050188.00000000009FD000.00000002.00020000.sdmp, 7B71FC14.exe, 00000017.00000000.407144547.00000000004ED000.00000002.00020000.sdmp, wid3i48Egy.exe, 0000001B.00000000.435110036.000000000084D000.00000002.00020000.sdmp, svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp, svchost.exe, 00000022.00000000.460168602.000000000021D000.00000002.00020000.sdmp |
Source: |
Binary string: crypt32.pdb; source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ole32.pdbu source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: indows.Forms.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdbE source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: i.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: anagement.pdb{{!V source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: mscoree.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WLDP.pdbG source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdbk source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb@1d source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: (POltC:\Windows\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: version.pdbS source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: clrcompression.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbI source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.pdb source: wid3i48Egy.exe, 00000001.00000002.455483465.000000000302E000.00000004.00000001.sdmp, WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdbg source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: C:\Program Files\Common Files\System\7957F23F\svchost.PDB source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Drawing.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: System.Management.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: KC:\Users\user\Desktop\wid3i48Egy.PDB source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: t.PythonTools.XamlDesignerSupport.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: wintrust.pdb7 source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: Accessibility.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Amsi.pdbO source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: (P*ltC:\Windows\Microsoft.PythonTools.XamlDesignerSupport.pdb source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: ml.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: WinTypes.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WMINet_Utils.pdb) source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: rsaenh.pdby source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Accessibility.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Windows\Resources\new\Repo\Debug\private\RUNPE\JabrezRPE\JabrezRPE\obj\Debug\RunPE_MemoryProtection.pdb source: wid3i48Egy.exe, 00000001.00000002.472144141.0000000004008000.00000004.00000001.sdmp, svchost.exe, 0000001E.00000003.555361080.0000000004C44000.00000004.00000001.sdmp |
Source: |
Binary string: rawing.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.Management.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: mscorlib.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: wwin32u.pdba source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000001F.00000003.478678016.0000000004C27000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: s.pdb source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: wbemprox.pdb1 source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbg source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Core.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: clrjit.pdb] source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: diasymreader.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdbQVisual source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: comctl32v582.pdb) source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wmiutils.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.ni.pdbT3 source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.Xml.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: E:\A\_work\681\b\raw\obj\XamlDesignerSupport\Microsoft.PythonTools.XamlDesignerSupport.pdb4437-8B11-F424491E3931}\Servererver32x7Bix7Bi source: wid3i48Egy.exe, 00000001.00000002.495583184.0000000006628000.00000004.00000001.sdmp |
Source: |
Binary string: Accessibility.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Drawing.pdbS source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: AdvancedRun.exe, 00000003.00000000.361426173.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000004.00000000.364896267.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000021.00000000.454092205.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.482058843.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000024.00000000.472401551.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000025.00000002.481100139.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000026.00000002.488960045.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.495638853.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000037.00000002.602930696.000000000040C000.00000002.00020000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: WLDP.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: wid3i48Egy.PDB source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: clrjit.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: ZlC:\Users\user\Desktop\Microsoft.PythonTools.XamlDesignerSupport.pdb source: wid3i48Egy.exe, 00000001.00000002.444276755.0000000000BD7000.00000004.00000001.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: fastprox.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: wbemsvc.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdbdb" source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: System.Runtime.Remoting.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: version.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: RunPE_MemoryProtection.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: onfiguration.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Microsoft.PythonTools.XamlDesignerSupport.pdbdb. source: wid3i48Egy.exe, 00000001.00000002.495150715.0000000006600000.00000004.00000001.sdmp |
Source: |
Binary string: wintrust.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Xml.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: rawing.pdb{{!V source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ore.ni.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: wid3i48Egy.exe, 00000001.00000002.455483465.000000000302E000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdbk source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: ore.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: ml.pdb, source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000001F.00000003.478972347.0000000004C00000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001F.00000003.479216820.0000000004D10000.00000004.00000040.sdmp |
Source: |
Binary string: Microsoft.PythonTools.XamlDesignerSupport.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: psapi.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: WMINet_Utils.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: cldapi.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001F.00000003.478301698.0000000004D11000.00000004.00000040.sdmp |
Source: |
Binary string: mscoreei.pdb source: WerFault.exe, 0000001F.00000003.478578110.0000000004C11000.00000004.00000001.sdmp |
Source: |
Binary string: Amsi.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Management.pdbS source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: System.Drawing.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdbk source: WerFault.exe, 0000001F.00000003.479268284.0000000004D13000.00000004.00000040.sdmp |
Source: |
Binary string: System.Core.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000001F.00000002.603640488.0000000004F20000.00000004.00000001.sdmp |
Source: |
Binary string: System.Xml.ni.pdb, source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000001F.00000003.478301698.0000000004D11000.00000004.00000040.sdmp |
Source: |
Binary string: ore.pdbk source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000001F.00000003.478352032.0000000004D16000.00000004.00000040.sdmp |
Source: |
Binary string: svchost.PDB source: svchost.exe, 0000001E.00000000.613136292.0000000000FA8000.00000004.00000001.sdmp |
Source: |
Binary string: untime.Remoting.pdb source: WerFault.exe, 0000001F.00000003.478737743.0000000004D28000.00000004.00000001.sdmp |
Source: |
Binary string: wbemprox.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: System.ni.pdb source: WerFault.exe, 0000001F.00000003.478480047.0000000004D27000.00000004.00000001.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: |
Binary string: edputil.pdb source: WerFault.exe, 0000001F.00000003.478027246.0000000004D1A000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\bb4197c2-3ca2-421e-81c6-d61dd7f23509\AdvancedRun.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Users\user\Desktop\wid3i48Egy.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7B71FC14.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Users\user\Desktop\wid3i48Egy.exe VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
|
Source: C:\Users\user\Desktop\wid3i48Egy.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Program Files\Common Files\system\7957F23F\svchost.exe VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Program Files\Common Files\system\7957F23F\svchost.exe VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
|
Source: C:\Program Files\Common Files\system\7957F23F\svchost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation |
|