| Source: powershell.exe, 00000001.00000002.1763331017.000001EFD100D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1728136588.000001EFC26FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2583000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC0F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2197000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2583000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC0F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
| Source: wscript.exe, 00000000.00000003.1785984248.00000163D4375000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.discordapp.com/ |
| Source: wscript.exe, 00000000.00000002.1789139746.00000163D4455000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.discordapp.com/attac |
| Source: wscript.exe, 00000000.00000003.1708120120.00000163D6330000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/129530475716608 |
| Source: wscript.exe, wscript.exe, 00000000.00000003.1708120120.00000163D6330000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1789200260.00000163D6120000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1707617251.00000163D6124000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1707941021.00000163D6124000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/1295304757166080020/1316923696 |
| Source: wscript.exe, 00000000.00000002.1789200260.00000163D6122000.00000004.00000020.00020000.00000000.sdmp, PO_11171111221.Vbs.vbs | String found in binary or memory: https://cdn.discordapp.com/attachments/1295304757166080020/1316923696224669696/fore.ps1?ex=675cd044& |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC26FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC26FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC26FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2583000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
| Source: wscript.exe, 00000000.00000003.1785872374.00000163D4371000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1789113895.00000163D4378000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1785984248.00000163D4375000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com |
| Source: powershell.exe, 00000001.00000002.1763331017.000001EFD100D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1728136588.000001EFC26FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2197000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oneget.org |
| Source: powershell.exe, 00000001.00000002.1728136588.000001EFC2197000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oneget.orgX |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0042CAA3 NtClose, | 5_2_0042CAA3 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C35C0 NtCreateMutant,LdrInitializeThunk, | 5_2_010C35C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2B60 NtClose,LdrInitializeThunk, | 5_2_010C2B60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2DF0 NtQuerySystemInformation,LdrInitializeThunk, | 5_2_010C2DF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2C70 NtFreeVirtualMemory,LdrInitializeThunk, | 5_2_010C2C70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C3010 NtOpenDirectoryObject, | 5_2_010C3010 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C3090 NtSetValueKey, | 5_2_010C3090 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C4340 NtSetContextThread, | 5_2_010C4340 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C4650 NtSuspendThread, | 5_2_010C4650 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C39B0 NtGetContextThread, | 5_2_010C39B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2B80 NtQueryInformationFile, | 5_2_010C2B80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2BA0 NtEnumerateValueKey, | 5_2_010C2BA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2BE0 NtQueryValueKey, | 5_2_010C2BE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2BF0 NtAllocateVirtualMemory, | 5_2_010C2BF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2AB0 NtWaitForSingleObject, | 5_2_010C2AB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2AD0 NtReadFile, | 5_2_010C2AD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2AF0 NtWriteFile, | 5_2_010C2AF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2D00 NtSetInformationFile, | 5_2_010C2D00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C3D10 NtOpenProcessToken, | 5_2_010C3D10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2D10 NtMapViewOfSection, | 5_2_010C2D10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2D30 NtUnmapViewOfSection, | 5_2_010C2D30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C3D70 NtOpenThread, | 5_2_010C3D70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2DB0 NtEnumerateKey, | 5_2_010C2DB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2DD0 NtDelayExecution, | 5_2_010C2DD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2C00 NtQueryInformationProcess, | 5_2_010C2C00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2C60 NtCreateKey, | 5_2_010C2C60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2CA0 NtQueryInformationToken, | 5_2_010C2CA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2CC0 NtQueryVirtualMemory, | 5_2_010C2CC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2CF0 NtOpenProcess, | 5_2_010C2CF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2F30 NtCreateSection, | 5_2_010C2F30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2F60 NtCreateProcessEx, | 5_2_010C2F60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2F90 NtProtectVirtualMemory, | 5_2_010C2F90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2FA0 NtQuerySection, | 5_2_010C2FA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2FB0 NtResumeThread, | 5_2_010C2FB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2FE0 NtCreateFile, | 5_2_010C2FE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2E30 NtWriteVirtualMemory, | 5_2_010C2E30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2E80 NtReadVirtualMemory, | 5_2_010C2E80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2EA0 NtAdjustPrivilegesToken, | 5_2_010C2EA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C2EE0 NtQueueApcThread, | 5_2_010C2EE0 |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Code function: 3_2_00FA0848 | 3_2_00FA0848 |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Code function: 3_2_00FA1DD0 | 3_2_00FA1DD0 |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Code function: 3_2_00FA07B8 | 3_2_00FA07B8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0042F0C3 | 5_2_0042F0C3 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0041010A | 5_2_0041010A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00410113 | 5_2_00410113 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_004011F0 | 5_2_004011F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00416B43 | 5_2_00416B43 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0040E313 | 5_2_0040E313 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00402B1F | 5_2_00402B1F |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00402B20 | 5_2_00402B20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00410333 | 5_2_00410333 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00416B3E | 5_2_00416B3E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0040E457 | 5_2_0040E457 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0040E463 | 5_2_0040E463 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0040E4AC | 5_2_0040E4AC |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_004026C0 | 5_2_004026C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_00402FE0 | 5_2_00402FE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01080100 | 5_2_01080100 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0112A118 | 5_2_0112A118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010C516C | 5_2_010C516C |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0107F172 | 5_2_0107F172 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0115B16B | 5_2_0115B16B |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0109B1B0 | 5_2_0109B1B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011501AA | 5_2_011501AA |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011481CC | 5_2_011481CC |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010970C0 | 5_2_010970C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0113F0CC | 5_2_0113F0CC |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114F0E0 | 5_2_0114F0E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011470E9 | 5_2_011470E9 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114132D | 5_2_0114132D |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114A352 | 5_2_0114A352 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0107D34C | 5_2_0107D34C |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010D739A | 5_2_010D739A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011503E6 | 5_2_011503E6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0109E3F0 | 5_2_0109E3F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01130274 | 5_2_01130274 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010952A0 | 5_2_010952A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010AB2C0 | 5_2_010AB2C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011312ED | 5_2_011312ED |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01090535 | 5_2_01090535 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01147571 | 5_2_01147571 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01150591 | 5_2_01150591 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0112D5B0 | 5_2_0112D5B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114F43F | 5_2_0114F43F |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01142446 | 5_2_01142446 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01081460 | 5_2_01081460 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0113E4F6 | 5_2_0113E4F6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010B4750 | 5_2_010B4750 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01090770 | 5_2_01090770 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114F7B0 | 5_2_0114F7B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0108C7C0 | 5_2_0108C7C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_011416CC | 5_2_011416CC |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010AC6E0 | 5_2_010AC6E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01099950 | 5_2_01099950 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010AB950 | 5_2_010AB950 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010A6962 | 5_2_010A6962 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010929A0 | 5_2_010929A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0115A9A6 | 5_2_0115A9A6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010FD800 | 5_2_010FD800 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01092840 | 5_2_01092840 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0109A840 | 5_2_0109A840 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010768B8 | 5_2_010768B8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010938E0 | 5_2_010938E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010BE8F0 | 5_2_010BE8F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114AB40 | 5_2_0114AB40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114FB76 | 5_2_0114FB76 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010AFB80 | 5_2_010AFB80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01146BD7 | 5_2_01146BD7 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010CDBF9 | 5_2_010CDBF9 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01147A46 | 5_2_01147A46 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114FA49 | 5_2_0114FA49 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01103A6C | 5_2_01103A6C |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0108EA80 | 5_2_0108EA80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010D5AA0 | 5_2_010D5AA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0112DAAC | 5_2_0112DAAC |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0113DAC6 | 5_2_0113DAC6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0109AD00 | 5_2_0109AD00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01093D40 | 5_2_01093D40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01141D5A | 5_2_01141D5A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01147D73 | 5_2_01147D73 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010A8DBF | 5_2_010A8DBF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010AFDC0 | 5_2_010AFDC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0108ADE0 | 5_2_0108ADE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01090C00 | 5_2_01090C00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01109C32 | 5_2_01109C32 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01130CB5 | 5_2_01130CB5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114FCF2 | 5_2_0114FCF2 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01080CF2 | 5_2_01080CF2 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114FF09 | 5_2_0114FF09 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010D2F28 | 5_2_010D2F28 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010B0F30 | 5_2_010B0F30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01104F40 | 5_2_01104F40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01091F92 | 5_2_01091F92 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114FFB1 | 5_2_0114FFB1 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01082FC8 | 5_2_01082FC8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114EE26 | 5_2_0114EE26 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01090E59 | 5_2_01090E59 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114CE93 | 5_2_0114CE93 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_010A2E90 | 5_2_010A2E90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_01099EB0 | 5_2_01099EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Code function: 5_2_0114EEDB | 5_2_0114EEDB |
| Source: unknown | Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO_11171111221.Vbs.vbs" | |
| Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy RemoteSigned -File "C:\Temp\dddddd.ps1" | |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe" | |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" | |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" | |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy RemoteSigned -File "C:\Temp\dddddd.ps1" | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe" | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msxml3.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\x.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Edit tour
wscript.exe (PID: 416 cmdline: 
powershell.exe (PID: 1216 cmdline: 
conhost.exe (PID: 1148 cmdline: 
x.exe (PID: 4408 cmdline: 
