Source: unknown | TCP traffic detected without corresponding DNS query: 23.233.0.213 |
Source: unknown | TCP traffic detected without corresponding DNS query: 18.18.82.18 |
Source: unknown | TCP traffic detected without corresponding DNS query: 89.58.54.129 |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.css |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.jpg |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://html4/loose.dtd |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025123BC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2336441288.000002513234D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2336441288.0000025132483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025122503000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: rundll32.exe | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY# |
Source: rundll32.exe | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025123A69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025122503000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: rundll32.exe | String found in binary or memory: https://aka.ms/GlobalizationInvariantMode |
Source: rundll32.exe | String found in binary or memory: https://aka.ms/dotnet-warnings/ |
Source: rundll32.exe | String found in binary or memory: https://aka.ms/nativeaot-c |
Source: rundll32.exe | String found in binary or memory: https://aka.ms/nativeaot-compatibility |
Source: rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://aka.ms/nativeaot-compatibilityY# |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://aka.ms/nativeaot-compatibilityy# |
Source: powershell.exe, 00000011.00000002.2224474015.000001E4570C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 00000011.00000002.2224474015.000001E457108000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2236301904.000002A2D5467000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2236301904.000002A2D549D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2253402475.00000251222D1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 0000001A.00000002.2336441288.0000025132483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000001A.00000002.2336441288.0000025132483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000001A.00000002.2336441288.0000025132483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025122503000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.2291296762.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/dotnet/fsharp |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.2291296762.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/dotnet/runtime#x |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.2291296762.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/icedland |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.2291296762.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/icedland/icedc |
Source: rundll32.exe, 00000003.00000002.2536766643.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.2169372482.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.2255838732.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.2371848887.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.2284034540.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.2385192805.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.2291296762.00007FF8A87D4000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/secana/PeNet |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025122F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025123BC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2336441288.000002513234D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2336441288.0000025132483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025123A69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oneget.org |
Source: powershell.exe, 0000001A.00000002.2253402475.0000025123A69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oneget.orgX |
Source: rundll32.exe | String found in binary or memory: artIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> |
Source: rundll32.exe | String found in binary or memory: ngs> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartO |
Source: rundll32.exe | String found in binary or memory: tteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>tru |
Source: rundll32.exe | String found in binary or memory: ailable> <IdleSettings> <StopOnIdleEnd>false</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSe |
Source: rundll32.exe | String found in binary or memory: --install |
Source: rundll32.exe | String found in binary or memory: ./InstallError.txt |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\uEhN67huiV.dll" | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainer | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",#1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4112 -s 588 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainerInstall | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_Helper /F | |
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_OnLogOnDaily /F | |
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_OnLogOnDaily\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_OnLogOnDaily /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainerInstallUserOnly | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut('C:\Users\user\AppData\Roaming/Microsoft/Windows/Start Menu/Programs/Startup/IntelManagementEngine.lnk') $Shortcut.TargetPath = 'powershell.exe' $Shortcut.Description = 'The Intel Management Engine (ME) is an embedded microcontroller running on a dedicated microprocessor integrated into Intel chipsets.' $Shortcut.Arguments = '-NoProfile -ExecutionPolicy Bypass -Command C:\Windows\System32\rundll32.exe "C:\Users\user\AppData\Roaming/IntelManagementUnit/Mainer.dll",DllMainerUserOnly' $Shortcut.WindowStyle = 7 $Shortcut.Save() | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainer | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerInstall | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerInstallUserOnly | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",Dummy | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DotNetRuntimeDebugHeader | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerUserOnly | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerSmartAndSilent | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7648 -s 372 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_Helper /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "Write-Host 'Dummy process started. Press Ctrl+C to exit.'; while ($true) { try { Start-Sleep -Seconds 1 } catch { Write-Host 'Close signal received. Exiting...'; break } }" | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut('C:\Users\user\AppData\Roaming/Microsoft/Windows/Start Menu/Programs/Startup/IntelManagementEngine.lnk') $Shortcut.TargetPath = 'powershell.exe' $Shortcut.Description = 'The Intel Management Engine (ME) is an embedded microcontroller running on a dedicated microprocessor integrated into Intel chipsets.' $Shortcut.Arguments = '-NoProfile -ExecutionPolicy Bypass -Command C:\Windows\System32\rundll32.exe "C:\Users\user\AppData\Roaming/IntelManagementUnit/Mainer.dll",DllMainerUserOnly' $Shortcut.WindowStyle = 7 $Shortcut.Save() | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_OnLogOnDaily /F | |
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_OnLogOnDaily\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_OnLogOnDaily /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainer | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainerInstall | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainerInstallUserOnly | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainer | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerInstall | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerInstallUserOnly | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",Dummy | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DotNetRuntimeDebugHeader | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerUserOnly | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",DllMainerSmartAndSilent | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\uEhN67huiV.dll",#1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_Helper /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_OnLogOnDaily /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_OnLogOnDaily\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_OnLogOnDaily /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut('C:\Users\user\AppData\Roaming/Microsoft/Windows/Start Menu/Programs/Startup/IntelManagementEngine.lnk') $Shortcut.TargetPath = 'powershell.exe' $Shortcut.Description = 'The Intel Management Engine (ME) is an embedded microcontroller running on a dedicated microprocessor integrated into Intel chipsets.' $Shortcut.Arguments = '-NoProfile -ExecutionPolicy Bypass -Command C:\Windows\System32\rundll32.exe "C:\Users\user\AppData\Roaming/IntelManagementUnit/Mainer.dll",DllMainerUserOnly' $Shortcut.WindowStyle = 7 $Shortcut.Save() | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_Helper /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_OnLogOnDaily /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_OnLogOnDaily\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut('C:\Users\user\AppData\Roaming/Microsoft/Windows/Start Menu/Programs/Startup/IntelManagementEngine.lnk') $Shortcut.TargetPath = 'powershell.exe' $Shortcut.Description = 'The Intel Management Engine (ME) is an embedded microcontroller running on a dedicated microprocessor integrated into Intel chipsets.' $Shortcut.Arguments = '-NoProfile -ExecutionPolicy Bypass -Command C:\Windows\System32\rundll32.exe "C:\Users\user\AppData\Roaming/IntelManagementUnit/Mainer.dll",DllMainerUserOnly' $Shortcut.WindowStyle = 7 $Shortcut.Save() | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "Write-Host 'Dummy process started. Press Ctrl+C to exit.'; while ($true) { try { Start-Sleep -Seconds 1 } catch { Write-Host 'Close signal received. Exiting...'; break } }" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_OnLogOnDaily /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
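The process-creation rows above carry four patterns worth turning into rules: rundll32.exe starting powershell.exe with -ExecutionPolicy Bypass, schtasks.exe registering a task with /create /xml from a file under \Users\user\AppData\Local, a Startup-folder .lnk built through the WScript.Shell COM object whose arguments hand rundll32.exe a DLL in \AppData\Roaming, and rundll32.exe running taskkill /F /IM powershell.exe. The rows also show tasks removed with /Delete and then registered again. The Python below is an added example, not part of the sandbox report and not the sample's own code: it parses rows in this report's format, applies those rules per row plus a delete-then-create sequence rule, and collects the persistence artifacts (task names, task XML path, .lnk path and .lnk arguments). The input rows are copied from the report above; the rule names, the regexes and the "path under \Users\<name>\AppData\" heuristic are the author's choices, not the sandbox's built-in signatures.

```python
"""Triage rules over sandbox 'Process created' rows (added example, not the report's code)."""
import re
from dataclasses import dataclass

# Constructed input: a subset of the report rows above, kept in report order.
SAMPLE_ROWS = r"""
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\uEhN67huiV.dll,DllMainerInstallUserOnly | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut('C:\Users\user\AppData\Roaming/Microsoft/Windows/Start Menu/Programs/Startup/IntelManagementEngine.lnk') $Shortcut.TargetPath = 'powershell.exe' $Shortcut.Description = 'The Intel Management Engine (ME) is an embedded microcontroller running on a dedicated microprocessor integrated into Intel chipsets.' $Shortcut.Arguments = '-NoProfile -ExecutionPolicy Bypass -Command C:\Windows\System32\rundll32.exe "C:\Users\user\AppData\Roaming/IntelManagementUnit/Mainer.dll",DllMainerUserOnly' $Shortcut.WindowStyle = 7 $Shortcut.Save() | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\taskkill.exe "taskkill" /F /IM powershell.exe | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /Delete /TN IntelProfileUpdater_Helper /F | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "schtasks /create /tn \"IntelProfileUpdater_Helper\" /xml \"C:\Users\user\AppData\Local\task.xml\"" | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /create /tn IntelProfileUpdater_Helper /xml C:\Users\user\AppData\Local\task.xml | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ExecutionPolicy Bypass -Command "Write-Host 'Dummy process started. Press Ctrl+C to exit.'; while ($true) { try { Start-Sleep -Seconds 1 } catch { Write-Host 'Close signal received. Exiting...'; break } }" | |
"""

# Row layout: "Source: <parent image> | Process created: <child image> <command line> | ..."
ROW_RE = re.compile(r"^Source:\s*(?P<parent>[^|]+?)\s*\|\s*Process created:\s*(?P<rest>[^|]+?)\s*\|")
TASK_NAME_RE = re.compile(r'/tn\s+\\?"?([\w.-]+)', re.I)      # /tn NAME, /TN NAME, /tn \"NAME\"
TASK_XML_RE = re.compile(r'/xml\s+\\?"?([^"\s]+)', re.I)      # path after /xml, quoted or not
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)  # author's heuristic
STARTUP_DIR_RE = re.compile(r"Start Menu[/\\]Programs[/\\]Startup[/\\]", re.I)
LNK_PATH_RE = re.compile(r"CreateShortcut\('([^']+)'\)")
LNK_ARGS_RE = re.compile(r"\.Arguments\s*=\s*'([^']+)'")


@dataclass(frozen=True)
class ProcEvent:
    parent: str    # image path of the creating process (the "Source" column)
    image: str     # image path of the created process
    cmdline: str   # command line exactly as logged


@dataclass(frozen=True)
class Finding:
    rule: str
    parent: str
    image: str
    evidence: str


def parse_rows(text):
    """Parse report rows; the child image is the first space-delimited token after 'Process created:'."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            image, _, cmdline = m.group("rest").partition(" ")
            events.append(ProcEvent(m.group("parent"), image, cmdline))
    return events


def _name(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Per-row rules (rule names are the author's, not sandbox signature names)."""
    parent, image, low = _name(ev.parent), _name(ev.image), ev.cmdline.lower()
    hits = []
    if image == "powershell.exe" and parent == "rundll32.exe" and "-executionpolicy bypass" in low:
        hits.append(Finding("PS_BYPASS_FROM_RUNDLL32", parent, image, ev.cmdline[:80]))
    if image == "schtasks.exe" and "/create" in low and "/xml" in low:
        m = TASK_XML_RE.search(ev.cmdline)
        if m and USER_WRITABLE_RE.search(m.group(1)):   # task definition read from a user-writable path
            hits.append(Finding("SCHTASK_FROM_USER_XML", parent, image, m.group(1).rstrip("\\")))
    if image == "powershell.exe" and "wscript.shell" in low and "createshortcut" in low:
        m = LNK_PATH_RE.search(ev.cmdline)
        if m and STARTUP_DIR_RE.search(m.group(1)):     # shortcut dropped into the Startup folder
            hits.append(Finding("STARTUP_LNK_VIA_COM", parent, image, m.group(1)))
    if image == "taskkill.exe" and parent == "rundll32.exe" and "/im powershell.exe" in low:
        hits.append(Finding("KILL_SCRIPT_HOST_FROM_RUNDLL32", parent, image, ev.cmdline))
    return hits


def task_reregistration(events):
    """Sequence rule: a task name seen with /Delete and later registered again with /create."""
    deleted, churned = set(), []
    for ev in events:
        if _name(ev.image) != "schtasks.exe":
            continue
        m = TASK_NAME_RE.search(ev.cmdline)
        if not m:
            continue
        low, name = ev.cmdline.lower(), m.group(1)
        if "/delete" in low:
            deleted.add(name)
        elif "/create" in low and name in deleted and name not in churned:
            churned.append(name)
    return churned


def persistence_artifacts(events):
    """Collect what an IR responder has to remove: task names, task XML, .lnk path and its arguments."""
    arts = {"tasks": set(), "task_xml": set(), "lnk": set(), "lnk_args": set()}
    for ev in events:
        arts["tasks"].update(TASK_NAME_RE.findall(ev.cmdline))
        arts["task_xml"].update(p.rstrip("\\") for p in TASK_XML_RE.findall(ev.cmdline))
        arts["lnk"].update(LNK_PATH_RE.findall(ev.cmdline))
        arts["lnk_args"].update(LNK_ARGS_RE.findall(ev.cmdline))
    return {k: sorted(v) for k, v in arts.items()}


def triage(text):
    events = parse_rows(text)
    findings = [f for ev in events for f in check_event(ev)]
    findings += [Finding("TASK_REREGISTERED", "(sequence)", "schtasks.exe", t) for t in task_reregistration(events)]
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return {"events": len(events), "findings": findings, "counts": counts,
            "artifacts": persistence_artifacts(events)}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for f in result["findings"]:
        print(f"{f.rule:32} {f.parent} -> {f.image}: {f.evidence}")
    for key, values in result["artifacts"].items():
        print(key, values)
```

The parent check in PS_BYPASS_FROM_RUNDLL32 and KILL_SCRIPT_HOST_FROM_RUNDLL32 is what keeps the rules quiet on administrative use of the same switches; the rows from loaddll64.exe and the conhost.exe children produce no findings. The XML path is extracted before it is matched so that both the quoted form inside the PowerShell -Command string and the bare form in the schtasks.exe row resolve to the same file.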
Source: C:\Windows\System32\loaddll64.exe | Section loaded: apphelp.dll | |
Source: C:\Windows\System32\loaddll64.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: framedynos.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: dbghelp.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: winsta.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: framedynos.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: dbghelp.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: winsta.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sxs.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: framedynos.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: dbghelp.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: winsta.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: framedynos.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: dbghelp.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: winsta.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\taskkill.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll | |
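The "Section loaded" rows above are the image-load profile of each spawned process: every powershell.exe run loads amsi.dll and wldp.dll, every schtasks.exe run loads taskschd.dll, every taskkill.exe run loads wbemcomn.dll, and one powershell.exe run additionally loads sxs.dll, mpr.dll, scrrun.dll and propsys.dll. The Python below is an added example, not part of the report, that parses rows in this format, splits them into runs of consecutive rows with the same source image, and reports which modules are common to all runs of an image and which are specific to one run, with short notes on a few well-known Windows modules. The module lists are abridged from the rows above and generated into report-format lines; the NOTES annotations are the author's, and a "run" here is one contiguous block of report rows, which the report may have merged from more than one process instance.

```python
"""Image-load profile from sandbox 'Section loaded' rows (added example, not the report's code)."""
import re

LOAD_RE = re.compile(r"^Source:\s*(?P<image>[^|]+?)\s*\|\s*Section loaded:\s*(?P<module>[^|]+?)\s*\|")

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TASKKILL = r"C:\Windows\System32\taskkill.exe"
SCHTASKS = r"C:\Windows\System32\schtasks.exe"

# Abridged from the report rows above, in load order (constructed input).
PS_BASE = ["atl.dll", "mscoree.dll", "kernel.appcore.dll", "version.dll", "cryptsp.dll", "rsaenh.dll",
           "cryptbase.dll", "amsi.dll", "wldp.dll", "wshext.dll", "sspicli.dll", "uxtheme.dll"]
RUNS = [
    (TASKKILL, ["version.dll", "mpr.dll", "framedynos.dll", "dbghelp.dll", "sspicli.dll", "srvcli.dll",
                "netutils.dll", "sspicli.dll", "kernel.appcore.dll", "wbemcomn.dll", "winsta.dll",
                "amsi.dll", "userenv.dll", "profapi.dll"]),
    (SCHTASKS, ["kernel.appcore.dll", "taskschd.dll", "sspicli.dll"]),
    (PS, PS_BASE),
    (SCHTASKS, ["kernel.appcore.dll", "taskschd.dll", "sspicli.dll"]),
    (PS, PS_BASE + ["sxs.dll", "mpr.dll", "scrrun.dll", "propsys.dll"]),   # the shortcut-building run
]
SAMPLE_ROWS = "\n".join(f"Source: {img} | Section loaded: {mod} | |" for img, mods in RUNS for mod in mods)

# Author's notes on well-known modules; not sandbox output.
NOTES = {
    "amsi.dll": "Antimalware Scan Interface client: AMSI is wired into this host",
    "wldp.dll": "Windows Lockdown Policy: script-enforcement policy checks",
    "mscoree.dll": "CLR shim: a .NET host is starting",
    "taskschd.dll": "Task Scheduler COM interface",
    "wbemcomn.dll": "WMI common library",
    "scrrun.dll": "Microsoft Scripting Runtime",
    "propsys.dll": "Windows Property System",
}


def parse_loads(text):
    """Return (image basename, module) pairs in report order."""
    out = []
    for line in text.splitlines():
        m = LOAD_RE.match(line.strip())
        if m:
            out.append((m.group("image").rsplit("\\", 1)[-1].lower(), m.group("module").lower()))
    return out


def group_runs(loads):
    """Split the row stream into runs of consecutive rows with the same image.

    Caveat: the report groups rows per signature, so one run may merge several
    process instances; treat a run as one block of the report, not one PID.
    """
    runs = []
    for image, module in loads:
        if runs and runs[-1][0] == image:
            runs[-1][1].append(module)
        else:
            runs.append((image, [module]))
    return runs


def profile(text):
    """Per image: run count, modules common to every run, modules specific to each run, notable modules."""
    per_image = {}
    for image, mods in group_runs(parse_loads(text)):
        per_image.setdefault(image, []).append(mods)
    report = {}
    for image, runs_of_image in per_image.items():
        sets = [set(m) for m in runs_of_image]
        common = set.intersection(*sets)
        union = set().union(*sets)
        report[image] = {
            "runs": len(runs_of_image),
            "common": sorted(common),
            "run_specific": [sorted(s - common) for s in sets],
            "notable": {m: NOTES[m] for m in sorted(union) if m in NOTES},
        }
    return report


if __name__ == "__main__":
    for image, info in profile(SAMPLE_ROWS).items():
        print(f"{image}: {info['runs']} run(s), {len(info['common'])} common module(s)")
        for i, extra in enumerate(info["run_specific"]):
            if extra:
                print(f"  run {i}: only this run loaded {extra}")
        for mod, note in info["notable"].items():
            print(f"  {mod}: {note}")
```

Run-specific modules are the useful output: with the process-creation rows, the run that loaded scrrun.dll and propsys.dll is the natural candidate to pair with the WScript.Shell shortcut creation, while the common set (amsi.dll, wldp.dll, mscoree.dll) is what a stock powershell.exe loads regardless of what it was asked to do.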