Source: tmp8939.bat.0.dr | String found in binary or memory: http://agrd.io/tvapk |
Source: svchost.exe, 0000000C.00000002.3240453687.000001C0DF210000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: qmgr.db.12.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: edb.log.12.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://9to5google.com/guides/android-tv/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://adguard.com/adguard-android-tv/overview.html |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/0x192/universal-android-debloater/releases |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/Genymobile/scrcpy/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/K3V1991/ADB-and-FastbootPlusPlus/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/codefaktor/FTVLaunchX/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/mirfatif/PermissionManagerX/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/realOxy/M3UAndroid/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://api.github.com/repos/spocky/miproja1/releases/latest |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://apkins.aptoide.com/AptoideTV-5.1.2.apk |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://atvlauncher.trekgonewild.de/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://f-droid.org/repo/news.androidtv.launchonboot_12.apk |
Source: edb.log.12.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
Source: svchost.exe, 0000000C.00000003.2009056822.000001C0DEFA0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.12.dr, edb.log.12.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: svchost.exe, 0000000C.00000002.3240453687.000001C0DF200000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/0x192/universal-android-debloater#universal-android-debloater-gui |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/0x192/universal-android-debloater/releases/download/%ver_debloater%/uad_gui-windo |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/0x192/universal-android-debloater/wiki/FAQ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/Free-TV/IPTV?tab=readme-ov-file#free-tv |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/Genymobile/scrcpy |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/Genymobile/scrcpy/blob/master/doc/shortcuts.md#shortcuts |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/Genymobile/scrcpy/releases/download/%ver_scrcpy%/scrcpy-win%arquitectura_windows% |
Source: Android TV Tools v3_ES.exe, 00000000.00000002.3239472165.0000000001484000.00000004.00000020.00020000.00000000.sdmp, tmp8939.bat.0.dr | String found in binary or memory: https://github.com/K3V1991/ADB-and-FastbootPlusPlus |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/K3V1991/ADB-and-FastbootPlusPlus/releases/download/%ver_adb%/ADB-and-Fastboot |
Source: svchost.exe, 0000000C.00000002.3240662557.000001C0DF2C6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/c50 |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/codefaktor/FTVLaunchX/blob/develop/README.md |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/codefaktor/FTVLaunchX/releases/download/v1.0.1/FTVLaunchX-1.0.1.apk |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/iptv-org/iptv?tab=readme-ov-file#playlists |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://github.com/mirfatif/PermissionManagerX/releases/download/%ver_PMX%/PMX_%ver_PMX%.apk |
Source: svchost.exe, 0000000C.00000002.3240579838.000001C0DF295000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.3239974063.000001C0DA302000.00000004.00000020.00020000.00000000.sdmp, tmp8939.bat.0.dr | String found in binary or memory: https://github.com/tenox7/cmdmax/releases/download/2.0/cmdmax-x86.exe |
Source: edb.log.12.dr | String found in binary or memory: https://github.com/tenox7/cmdmax/releases/download/2.0/cmdmax-x86.exeAC: |
Source: svchost.exe, 0000000C.00000002.3240579838.000001C0DF260000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com:443/tenox7/cmdmax/releases/download/2.0/cmdmax-x86.exe |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://gitlab.com/AuroraOSS/AuroraStore/uploads/ac32503aee88c6d1067dad57f3f92e09/AuroraStore_4.3.5. |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://gitlab.com/flauncher/flauncher/-/releases/0.18.0/downloads/flauncher-0.18.0.apk |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://ipinfo.io |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://iptv-org.github.io/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://kutt.it/stn_beta |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://kutt.it/stn_bridge_amazon |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://kutt.it/stn_bridge_atv |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://kutt.it/stn_stable |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://mirfatif.github.io/PermissionManagerX/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://mirfatif.github.io/PermissionManagerX/help/en/ |
Source: svchost.exe, 0000000C.00000002.3240662557.000001C0DF2D1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.3240579838.000001C0DF295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://objects.githubusercontent.com/ |
Source: svchost.exe, 0000000C.00000002.3240662557.000001C0DF2E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.3239974063.000001C0DA302000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50417431/6e51c424-c3ca- |
Source: svchost.exe, 0000000C.00000002.3240579838.000001C0DF260000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://objects.githubusercontent.com:443 |
Source: qmgr.db.12.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C: |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=%%%%j |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=ar.tvplayer.tv |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=com.neilturner.aerialviews |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=com.tdtchannels.player |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=com.wiseplay |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=flar2.homebutton |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=org.xbmc.kodi |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://smarttubeapp.github.io/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://www.adslzone.net/reportajes/tv-streaming/que-es-tecnologia-iptv/#395576-que-son-las-listas-i |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://www.androidpolice.com/2021/01/30/how-to-remap-remote-buttons-take-screenshot-chromecast-with |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://www.androidtv-guide.com/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://www.reddit.com/r/AndroidTV/ |
Source: Android TV Tools v3_ES.exe, 00000000.00000002.3239472165.0000000001484000.00000004.00000020.00020000.00000000.sdmp, tmp8939.bat.0.dr | String found in binary or memory: https://www.reddit.com/r/AndroidTV/comments/1ajkxbk/tool_allinone_tool_for_windows_android_tv_tools_ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://www.tdtchannels.com/listas |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/aapt-arm-pie-zip.6053069/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/countries-list-txt.6067313/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/google-installer_3-0-apk.6052043/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/google-play-apk.6050959/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/google-play-store_v38-7-29-apk.6052033/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/google-tv-home_1-0-591121582-apk.6051727/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/attachments/wifi-pro-ftp-server_v1-9-5-build-74-apk.5924749/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/c/android-tv.4276/ |
Source: tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/t/how-to-prepare-smartwatch-for-advanced-functions.4511103/ |
Source: Android TV Tools v3_ES.exe, 00000000.00000002.3239472165.0000000001484000.00000004.00000020.00020000.00000000.sdmp, tmp8939.bat.0.dr | String found in binary or memory: https://xdaforums.com/t/tool-all-in-one-tool-for-windows-android-tv-tools-v2.4648239/ |
Source: unknown | Process created: C:\Users\user\Desktop\Android TV Tools v3_ES.exe "C:\Users\user\Desktop\Android TV Tools v3_ES.exe" | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if not exist "C:\Users\user\AppData\Local\Temp\afolder" mkdir "C:\Users\user\AppData\Local\Temp\afolder" | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if not exist "C:\Users\user\AppData\Local\Temp\ytmp" mkdir "C:\Users\user\AppData\Local\Temp\ytmp" | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c attrib +h C:\Users\user\AppData\Local\Temp\ytmp | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\attrib.exe attrib +h C:\Users\user\AppData\Local\Temp\ytmp | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if exist "C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat" del "C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat" | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if exist "C:\Users\user\AppData\Local\Temp\ytmp\tmp4785.exe" del "C:\Users\user\AppData\Local\Temp\ytmp\tmp4785.exe" | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat "C:\Users\user\Desktop\Android TV Tools v3_ES.exe" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping google.com -n 1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-bitsTransfer -Source https://github.com/tenox7/cmdmax/releases/download/2.0/cmdmax-x86.exe -Destination 'Android TV Tools - Aux Files\cmdmax.exe'" | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Android TV Tools - Aux Files\cmdmax.exe "Android TV Tools - Aux Files\cmdmax.exe" 20 234 120 31 120 9999 | |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if not exist "C:\Users\user\AppData\Local\Temp\afolder" mkdir "C:\Users\user\AppData\Local\Temp\afolder" | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if not exist "C:\Users\user\AppData\Local\Temp\ytmp" mkdir "C:\Users\user\AppData\Local\Temp\ytmp" | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c attrib +h C:\Users\user\AppData\Local\Temp\ytmp | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if exist "C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat" del "C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat" | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c if exist "C:\Users\user\AppData\Local\Temp\ytmp\tmp4785.exe" del "C:\Users\user\AppData\Local\Temp\ytmp\tmp4785.exe" | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\ytmp\tmp8939.bat "C:\Users\user\Desktop\Android TV Tools v3_ES.exe" | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\attrib.exe attrib +h C:\Users\user\AppData\Local\Temp\ytmp | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping google.com -n 1 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-bitsTransfer -Source https://github.com/tenox7/cmdmax/releases/download/2.0/cmdmax-x86.exe -Destination 'Android TV Tools - Aux Files\cmdmax.exe'" | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Android TV Tools - Aux Files\cmdmax.exe "Android TV Tools - Aux Files\cmdmax.exe" 20 234 120 31 120 9999 | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools v3_ES.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\attrib.exe | Section loaded: ulib.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\attrib.exe | Section loaded: fsutilext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Android TV Tools - Aux Files\cmdmax.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |