Source: powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000005.00000002.1942203516.0000022580552000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: wab.exe, 00000012.00000002.2590450166.0000000022071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: wab.exe, 00000012.00000002.2590450166.0000000022071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: wab.exe, 00000012.00000002.2590450166.00000000220D0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.cash4cars.nz |
Source: powershell.exe, 00000005.00000002.2049632681.000002259006D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1835301736.00000000058B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 0000000D.00000002.1833657924.00000000049A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1836814367.000000000735A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: wab.exe, 00000012.00000002.2590450166.00000000220D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591088547.00000000240E1000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591692165.000000002418B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0R |
Source: wab.exe, 00000012.00000002.2590450166.00000000220D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591088547.00000000240E1000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591692165.000000002418B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: powershell.exe, 00000005.00000002.1942203516.0000022580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1833657924.0000000004851000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2590450166.0000000022071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 0000000D.00000002.1833657924.00000000049A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1836814367.000000000735A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: wab.exe, 00000012.00000002.2590450166.00000000220D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163757481.000000002411B000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591168112.0000000024125000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.000000000665D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591692165.000000002418B000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1962799841.0000000024120000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163989481.0000000024124000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: wab.exe, 00000012.00000002.2590450166.00000000220D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163757481.000000002411B000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591168112.0000000024125000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.000000000665D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2591692165.000000002418B000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1962799841.0000000024120000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163989481.0000000024124000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: powershell.exe, 00000005.00000002.1942203516.0000022580001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 0000000D.00000002.1833657924.0000000004851000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 0000000D.00000002.1835301736.00000000058B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000000D.00000002.1835301736.00000000058B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000000D.00000002.1835301736.00000000058B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000005.00000002.1942203516.00000225821F6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000005.00000002.1942203516.00000225820DC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580228000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.000000000665D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/i |
Source: wab.exe, 00000012.00000003.2163783606.000000000665C000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.000000000665D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/q |
Source: wab.exe, 00000012.00000002.2573561659.0000000006671000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2574645551.0000000006730000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1Bq2Ci98jFSnNo8giLe6NMBJVCVwWFc7q |
Source: powershell.exe, 00000005.00000002.1942203516.0000022580228000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1HPmRWXdwNI6X5gYsmI9v6eKJzIt1G-ttP |
Source: powershell.exe, 0000000D.00000002.1833657924.00000000049A8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1HPmRWXdwNI6X5gYsmI9v6eKJzIt1G-ttXR |
Source: powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: wab.exe, 00000012.00000003.2163783606.000000000669E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: wab.exe, 00000012.00000003.2163783606.0000000006671000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.2163783606.000000000668D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.000000000668D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000002.2573561659.0000000006671000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1Bq2Ci98jFSnNo8giLe6NMBJVCVwWFc7q&export=download |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1HPmRWXdwNI6X5gYsmI9v6eKJzIt1G-tt&export=download |
Source: powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.comzE |
Source: powershell.exe, 0000000D.00000002.1833657924.00000000049A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1836814367.000000000735A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000005.00000002.1942203516.0000022581566000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000005.00000002.2049632681.000002259006D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.1835301736.00000000058B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000005.00000002.1942203516.000002258221D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.00000225821FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022582221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.000002258053C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1942203516.0000022580540000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810542746.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000012.00000003.1810446940.00000000066B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |