Source: powershell.exe, 00000015.00000002.2010987128.00000285644C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.0000028564480000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://blogspot.l.googleusercontent.com |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: powershell.exe, 00000015.00000002.2106194613.000002857BCD8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.m? |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: powershell.exe, 00000015.00000002.2010987128.00000285644C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.0000028564480000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://hoot11nov.blogspot.com |
Source: powershell.exe, 00000002.00000002.2198977448.0000016791CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s.symcd.com06 |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781FD7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781C41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.0000028563A33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781FD7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://11-14hotelmain.blogspot.com |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://11-14hotelmain.blogspot.com///////chutmarao.pdf |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781C41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1961535587.0000016781740000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://11-14hotelmain.blogspot.com///////chutmarao.pdf);Start-Sleep |
Source: powershell.exe, 00000002.00000002.1961535587.0000016781740000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://11-14hotelmain.blogspot.com///////chutmarao.pdf);Start-Sleep-Seconds3; |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://11-14hotelmain.blogspot.com///////chutmarao.pdfx. |
Source: OpenWith.exe, 00000010.00000002.2585441248.0000000002F9C000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://185.196.8.68:9367/ab43097ee4f6e091aed46f79/88pw46v5.ki88g |
Source: OpenWith.exe, 00000010.00000002.2585441248.0000000002F9C000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://185.196.8.68:9367/ab43097ee4f6e091aed46f79/88pw46v5.ki88g( |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781C41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.0000028563A33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.0000028563A6D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000002.00000002.1962597156.00000167849DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/winsvr-2022-pshelp |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781FD7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781FD7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100223000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/ |
Source: powershell.exe, 00000002.00000002.2198977448.0000016791CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2198977448.0000016791CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2198977448.0000016791CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/cps0% |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: powershell.exe, 00000002.00000002.2198977448.0000016792383000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: powershell.exe, 00000002.00000002.1962597156.0000016781E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000015.00000002.2010987128.0000028563F20000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
Source: mshta.exe, 00000014.00000003.2147333724.0000024948226000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000014.00000003.2154659396.0000024948226000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000014.00000002.2156268776.0000024948226000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogs |
Source: powershell.exe, 00000015.00000002.2010987128.00000285641EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2010987128.00000285644AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2589446722.0000023100223000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogspot.com |
Source: powershell.exe, 0000001F.00000002.2589446722.0000023100223000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogspot.com////loka.pdf |
Source: powershell.exe, 0000001F.00000002.2589446722.0000023100001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogspot.com////loka.pdf) |
Source: powershell.exe, 00000015.00000002.2010987128.0000028563EB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogspot.com////loka.pdfX |
Source: powershell.exe, 00000015.00000002.2010987128.00000285644AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hoot11nov.blogspot.com/atom.xml |
Source: powershell.exe, 00000002.00000002.2198977448.0000016791CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: jscript.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: version.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: wldp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: profapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: version.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: wldp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: profapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: amsi.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: userenv.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: profapi.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: version.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: powrprof.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: umpdc.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\SysWOW64\OpenWith.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: mshtml.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: powrprof.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: umpdc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: msiso.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: srpapi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: msimtf.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dxgi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: textinputframework.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: coreuicomponents.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: coremessaging.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: ntmarta.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dataexchange.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: d3d11.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dcomp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: twinapi.appcore.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: jscript9.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sxs.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: edputil.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: slc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sppc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: ieframe.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: netapi32.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wininet.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: mshtml.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: powrprof.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: umpdc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: msiso.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: srpapi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: msimtf.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dxgi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: textinputframework.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: coreuicomponents.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: coremessaging.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: ntmarta.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: coremessaging.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dataexchange.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: d3d11.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: dcomp.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: twinapi.appcore.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: jscript9.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sxs.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: edputil.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: slc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: sppc.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\System32\mshta.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |