Source: unknown |
TCP traffic detected without corresponding DNS query: 185.208.158.47 |
Source: OceanicTools.exe |
String found in binary or memory: http://185.208.158.47/phantomtoolsv2.exe |
Source: OceanicTools.exe |
String found in binary or memory: http://185.208.158.47/phantomtoolsv2.exeAnalNosorog256X-Secret-Phrase |
Source: powershell.exe, 00000009.00000002.2430659101.00000220FAA15000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mic |
Source: powershell.exe, 00000009.00000002.2430659101.00000220FAA15000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micft.cMicRosof |
Source: powershell.exe, 00000005.00000002.2227145287.000001AA63A16000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000005.00000002.2227145287.000001AA63A16000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro/pki/crl/productCerAut_2010-06-2 |
Source: OceanicTools.exe |
String found in binary or memory: http://https:///&?=-_.~: |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2834681835.000001FB13695000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834648950.000001FB13694000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834605604.000001FB13690000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.a.0/sTy |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2654718716.000001FB13681000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.a.0/sTyi |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2834681835.000001FB13695000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834648950.000001FB13694000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834605604.000001FB13690000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adobe.c.0/ti |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2654718716.000001FB13681000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adobe.c.0/tif |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2834681835.000001FB13695000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834648950.000001FB13694000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834605604.000001FB13690000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adobe.hotosh |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2654718716.000001FB13681000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adobe.hotoshi |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2834681835.000001FB13695000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834648950.000001FB13694000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834605604.000001FB13690000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adoraw-se |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2654718716.000001FB13681000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adoraw-sei |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2834681835.000001FB13695000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834648950.000001FB13694000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2834605604.000001FB13690000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.photo/ |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2654718716.000001FB13681000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.photo/i |
Source: powershell.exe, 00000005.00000002.2221407009.000001AA5B74D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2414199760.000002209006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000009.00000002.2368510448.0000022080227000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000005.00000002.2205086606.000001AA4B906000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2368510448.0000022080227000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: powershell.exe, 00000005.00000002.2205086606.000001AA4B6E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2368510448.0000022080001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000005.00000002.2205086606.000001AA4B906000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2368510448.0000022080227000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 00000009.00000002.2368510448.0000022080227000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000005.00000002.2227145287.000001AA63A16000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.micom/pki/certs/Miut_2010-06-23.cr |
Source: powershell.exe, 00000009.00000002.2428854382.00000220FA8F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: powershell.exe, 00000005.00000002.2205086606.000001AA4B6E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2368510448.0000022080001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000002.2835428358.000001FB10D28000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000002.2835428358.000001FB10D28000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/8v |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: powershell.exe, 00000009.00000002.2414199760.000002209006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000009.00000002.2414199760.000002209006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000009.00000002.2414199760.000002209006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: qflwedtkihuzyxlg.exe.0.dr |
String found in binary or memory: https://gcc.gnu.org/bugs/): |
Source: powershell.exe, 00000009.00000002.2368510448.0000022080227000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: powershell.exe, 00000005.00000002.2221407009.000001AA5B74D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2414199760.000002209006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E3F000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673411537.000001FB139F3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2677279611.000001FB13FEE000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A92000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A45000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A9A000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673160053.000001FB12C88000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E47000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673160053.000001FB12C80000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CC8000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A3D000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2680939696.000001FB1399B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2656578724.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657134772.000001FB10DF3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657312992.000001FB139DC000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2657277538.000001FB10E19000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: OceanicTools.exe |
String found in binary or memory: https://www.haskell.org/ghc/reportabug |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E3F000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673411537.000001FB139F3000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2677279611.000001FB13FEE000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A92000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A45000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A9A000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673160053.000001FB12C88000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E47000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2673160053.000001FB12C80000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CC8000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A3D000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2677279611.000001FB13FF5000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13AA1000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CCF000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E4F000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2677279611.000001FB13FF5000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13AA1000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CCF000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E4F000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2677279611.000001FB13FF5000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13AA1000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672643678.000001FB12CCF000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2672224888.000001FB12E4F000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2671528726.000001FB13A4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 5_2_00007FF848FE42BF |
5_2_00007FF848FE42BF |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350D3C70 |
11_2_00007FF6350D3C70 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350D34D0 |
11_2_00007FF6350D34D0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350D6A40 |
11_2_00007FF6350D6A40 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350D7290 |
11_2_00007FF6350D7290 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350EDA84 |
11_2_00007FF6350EDA84 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350E5B20 |
11_2_00007FF6350E5B20 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350F5140 |
11_2_00007FF6350F5140 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6351CC950 |
11_2_00007FF6351CC950 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6351B7220 |
11_2_00007FF6351B7220 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350EC4A0 |
11_2_00007FF6350EC4A0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350F64F0 |
11_2_00007FF6350F64F0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 11_2_00007FF6350ED367 |
11_2_00007FF6350ED367 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014008A06A |
14_2_000000014008A06A |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014005F140 |
14_2_000000014005F140 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_00000001400421C0 |
14_2_00000001400421C0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014007F210 |
14_2_000000014007F210 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014008426B |
14_2_000000014008426B |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_00000001400743A0 |
14_2_00000001400743A0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014007E3D0 |
14_2_000000014007E3D0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014002F650 |
14_2_000000014002F650 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_0000000140086680 |
14_2_0000000140086680 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014007D6E0 |
14_2_000000014007D6E0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014003B740 |
14_2_000000014003B740 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014003C7E0 |
14_2_000000014003C7E0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_00000001400B67F0 |
14_2_00000001400B67F0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_0000000140094B74 |
14_2_0000000140094B74 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_0000000140076BA0 |
14_2_0000000140076BA0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014007FBA0 |
14_2_000000014007FBA0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014003ABE0 |
14_2_000000014003ABE0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014009ACF0 |
14_2_000000014009ACF0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_0000000140084CF0 |
14_2_0000000140084CF0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014007CDF0 |
14_2_000000014007CDF0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014003CE80 |
14_2_000000014003CE80 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014002EF60 |
14_2_000000014002EF60 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014009DFA0 |
14_2_000000014009DFA0 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014006E000 |
14_2_000000014006E000 |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Code function: 14_2_000000014004E000 |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: dbgcore.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: framedynos.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: msxml6.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vcruntime140.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vcruntime140_1.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: amsi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vbscript.dll |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: sxs.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: slc.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: winnsi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wbem\WMIC.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: OceanicTools.exe |
Binary or memory string: VMware |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000002.2835428358.000001FB10D96000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000002.2835428358.000001FB10D28000.00000004.00000020.00020000.00000000.sdmp, qflwedtkihuzyxlg.exe, 0000000E.00000003.2655491718.000001FB10DB5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: OceanicTools.exe |
Binary or memory string: vmware |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: OceanicTools.exe |
Binary or memory string: SYSTEM\CurrentControlSet\Services\Disk\EnumqueryregmanufacturergetcomputersystemwmicopenvzxenqemukvmmicrosoftvirtualboxvmwareKVMQEMUVBOXVMwareLicense Agreementhttp://185.208.158.47/phantomtoolsv2.exeAnalNosorog256X-Secret-Phrase')); Invoke-Expression $cmd"Add-MpPreference -ExclusionPath "$cmd = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('-Commandpowershell.exeInstallation completed.An error occurred during installation.Installation canceled by the user.User Agreement for Software Application: |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: qflwedtkihuzyxlg.exe, 0000000E.00000003.2666150032.000001FB12E08000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: C:\Users\user\Desktop\OceanicTools.exe |
Queries volume information: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
Source: C:\Users\user\foekseyrkkzyooxy\qflwedtkihuzyxlg.exe |
Queries volume information: C:\ VolumeInformation |