Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeRefs source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParent source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.ApplyEditAndContinue source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineModuleRef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNameFromToken source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteFieldMarshal source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindField source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembers source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteClassLayout source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsValidToken source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Merge source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMemberRef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParamProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetSaveSize source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeRef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResetEnum source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumProperties source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembersWithName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetCustomAttributeValue source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineCustomAttribute source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodImpls source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineEvent source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeByName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethod source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.TranslateSigWithScope source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineUserString source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Save source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeSpecFromToken source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPermissionSetProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNativeCallConvFromSig source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CountEnum source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodSemantics source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFields source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethods source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 0000000A.00000002.3263198460.00000000025AD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.3352588129.0000000007C01000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeRefProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: ws\System.Core.pdb source: powershell.exe, 0000000E.00000002.3352588129.0000000007C81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetSigFromToken source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeSpecs source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CloseEnum source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleRefProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToMemory source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeRefByName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetScopeProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: tem.Core.pdb_ source: powershell.exe, 0000000A.00000002.3373832812.0000000006C38000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMember source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPropertyProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: ore.pdb_ source: powershell.exe, 0000000A.00000002.3373832812.0000000006C38000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumParams source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.MergeEnd source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetEventProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumCustomAttributes source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumModuleRefs source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: CallSite.Targetore.pdb source: powershell.exe, 0000000E.00000002.3372267954.0000000008D00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineParam source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteToken source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetClassLayout source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineNestedType source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUnresolvedMethods source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumPermissionSets source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetRVA source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleFromScope source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethodImpl source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePinvokeMap source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineSecurityAttributeSet source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetClassLayout source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMemberRef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPermissionSetProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetTypeDefProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineProperty source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldRVA source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeDefByName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetModuleProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFieldsWithName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMemberRefs source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResolveTypeRef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToStream source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodSemantics source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeDefProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMethod source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNestedClassProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeletePinvokeMap source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromTypeSpec source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodImplFlags source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPinvokeMap source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPinvokeMap source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumSignatures source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldMarshal source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUserStrings source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetRVA source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePermissionSet source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPropertyProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: em.Core.pdb, source: powershell.exe, 0000000E.00000002.3352588129.0000000007C81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetUserString source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetInterfaceImplProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldMarshal source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeDef source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeDefs source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportMember source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumInterfaceImpls source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportType source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromSig source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumEvents source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamForMethodIndex source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineField source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodsWithName source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsGlobal source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetEventProps source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: H:\New Private Panell Src 3.0 New\New Private Panell Src 3.0 2025\New Private Panell Src 3.0\dnlib-fuscator-master win7\src\obj\Debug\dnlib.pdb source: powershell.exe, 00000002.00000002.2168518859.000001B1E9DA0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1AA4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://104.168.45.34 |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1AA4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://104.168.45.34/59/LMTS.txt |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1AA4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://198.46.176.133 |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1AA4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://198.46.176.133/Upload/vbs.jpeg |
Source: powershell.exe, 00000002.00000002.2167362177.000001B1E9A60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://198.46.176.133/Upload/vbs.jpegM |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertCloudServicesCA-1.crt0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl0? |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0? |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0~ |
Source: wscript.exe, 00000005.00000003.2140898625.0000000003281000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2125566333.0000000003306000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2141365751.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2124716308.00000000032CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2126019365.000000000332D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.2143150221.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000005.00000003.2140898625.0000000003281000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2141365751.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.2143150221.00000000032A7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enclE8 |
Source: RegAsm.exe, 00000004.00000002.3267737078.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, bhvCCC4.tmp.7.dr |
String found in binary or memory: http://geoplugin.net/json.gp |
Source: powershell.exe, 00000002.00000002.2109299164.000001B1E269C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2109299164.000001B1E188F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3261739148.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp/C |
Source: powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.00000000051FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.msocsp.com0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocsp.msocsp.com0S |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://ocspx.digicert.com0E |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3272627711.0000000004195000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.3272352105.0000000005281000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://www.digicert.com/CPS0~ |
Source: RegAsm.exe, RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com |
Source: RegAsm.exe, RegAsm.exe, 00000009.00000002.2124009469.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.com |
Source: RegAsm.exe, 00000009.00000002.2124009469.00000000011CE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comata |
Source: RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: http://www.msftconnecttest.com/connecttest.txt?n=1696428304750 |
Source: RegAsm.exe, 00000007.00000002.2129094375.00000000010F4000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms |
Source: powershell.exe, 00000002.00000002.2051614764.000001B1D1881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 0000000A.00000002.3272627711.0000000004195000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.3272352105.0000000005281000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBjq |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: powershell.exe, 0000000A.00000002.3272627711.000000000453D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3272627711.0000000004491000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.w.org/ |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/comments/feed/ |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/feed/ |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.3272352105.00000000053D6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/os/transportment.pfm |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver= |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.7.2 |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/uploads/elementor/css/post-2731.css?ver=1720763767 |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1 |
Source: powershell.exe, 0000000A.00000002.3272627711.000000000453D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3272627711.0000000004491000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-json/ |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpX |
Source: powershell.exe, 0000000A.00000002.3335508177.00000000051FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000000A.00000002.3335508177.00000000051FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000000A.00000002.3335508177.00000000051FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AF |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com/css?family=Nunito |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-afd-nocache.azureedge.net/apc/trans.gif?77686a33b2eafa1538ef78c3be5a5910 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-afd-nocache.azureedge.net/apc/trans.gif?caa2cf97cacae25a18f577703684ee65 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?0cf92be82316943650f2ee723bc6949e |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?94fb5ac9609bcb4cda0bf8acf1827073 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?7e9591e308dbda599df1fc08720a72a3 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?c6a2869c584d2ea23c67c44abe1ec326 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://fp.msedge.net/conf/v1/asgw/fpconfig.min.json |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 0000000A.00000002.3335508177.000000000546A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.0000000005445000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://gmpg.org/xfn/11 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: RegAsm.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://maps.windows.com/windows-app-web-link |
Source: powershell.exe, 0000000A.00000002.3272627711.000000000453D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa |
Source: powershell.exe, 0000000A.00000002.3272627711.00000000042E5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa/wp-admin/oserve/transportment.pfm0 |
Source: powershell.exe, 0000000E.00000002.3272352105.00000000053D6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa/wp-admin/oserve/transportment.pfml |
Source: powershell.exe, 00000002.00000002.2109299164.000001B1E18F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3335508177.00000000051FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-04-14-10-35/PreSignInSettingsConfig.json |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=4954a0 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-0debb885be07c402c948.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ec3581b6c9e6e9985aa7.chunk.v7.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.6c288f9aff9797959103.chunk.v7.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.9ba2d4c9e339ba497e10.chunk.v7.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-1652fd8b358d589e6ec0.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.52c45571d19ede0a7005.chunk.v7.j |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.d918c7fc33e22b41b936.chunk.v7.c |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2 |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2 |
Source: RegAsm.exe, RegAsm.exe, 00000009.00000002.2121605113.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: RegAsm.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: bhvCCC4.tmp.7.dr |
String found in binary or memory: https://www.office.com/ |
Source: amsi32_7244.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: amsi32_7632.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.powershell.exe.1b1e29723d0.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 2.2.powershell.exe.1b1e29723d0.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 2.2.powershell.exe.1b1e29723d0.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 2.2.powershell.exe.1b1e29723d0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 2.2.powershell.exe.1b1e29723d0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.powershell.exe.1b1e29723d0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000004.00000002.3261739148.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000004.00000002.3261739148.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000002.3261739148.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000002.00000002.2109299164.000001B1E188F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000002.00000002.2109299164.000001B1E269C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: powershell.exe PID: 4432, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: powershell.exe PID: 4432, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: RegAsm.exe PID: 5684, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: powershell.exe PID: 7244, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 7632, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |