Source: powershell.exe, 00000001.00000002.2329475776.000001D971C7E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mUy |
Source: powershell.exe, 00000004.00000002.2122178024.0000000008510000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2116646966.0000000007706000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000001.00000002.2198052956.000001D959B52000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: wab.exe, 00000009.00000002.2940602617.000000002247B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.cash4cars.nz |
Source: powershell.exe, 00000001.00000002.2313093176.000001D96966F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2112300960.0000000005C87000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.2108163000.0000000004D78000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2116646966.0000000007696000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: wab.exe, 00000009.00000002.2941957130.0000000024531000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2941957130.0000000024542000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2940602617.000000002247B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0R |
Source: wab.exe, 00000009.00000002.2941957130.0000000024542000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2940602617.000000002247B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: powershell.exe, 00000001.00000002.2198052956.000001D959601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2108163000.0000000004C21000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2940602617.0000000022401000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000004.00000002.2108163000.0000000004D78000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2116646966.0000000007696000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: wab.exe, 00000009.00000002.2941957130.0000000024531000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2941957130.0000000024542000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2940602617.000000002247B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: wab.exe, 00000009.00000002.2941957130.0000000024531000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2941957130.0000000024542000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2940602617.000000002247B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: powershell.exe, 00000001.00000002.2198052956.000001D959601000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000004.00000002.2108163000.0000000004C21000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBkq |
Source: wab.exe, 00000009.00000002.2940602617.0000000022401000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: wab.exe, 00000009.00000002.2940602617.0000000022401000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: wab.exe, 00000009.00000002.2940602617.0000000022401000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/t |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000004.00000002.2112300960.0000000005C87000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.2112300960.0000000005C87000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.2112300960.0000000005C87000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B800000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B796000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959829000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: wab.exe, 00000009.00000002.2928711448.0000000006AC8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: wab.exe, 00000009.00000002.2928711448.0000000006B01000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2928670685.0000000006A30000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1GFtH2KO7xztBakHz0a-faxdoW0utL33g |
Source: powershell.exe, 00000001.00000002.2198052956.000001D959829000.00000004.00000800.00020000.00000000.sdmp |
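String found in binary or memory: https://drive.google.com/uc?export=download&id=1xCKkDLKkiJgTC2N28hjl0l19UbuxJ6w9P (the trailing "P" is likely adjacent memory rather than part of the file ID; the drive.usercontent.google.com entry in this listing shows the ID ending in "...J6w9") |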
Source: powershell.exe, 00000004.00000002.2108163000.0000000004D78000.00000004.00000800.00020000.00000000.sdmp |
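String found in binary or memory: https://drive.google.com/uc?export=download&id=1xCKkDLKkiJgTC2N28hjl0l19UbuxJ6w9XR (the trailing "XR" is likely adjacent memory rather than part of the file ID; the drive.usercontent.google.com entry in this listing shows the ID ending in "...J6w9") |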
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: wab.exe, 00000009.00000003.2105897287.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2089818579.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2928711448.0000000006B28000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: wab.exe, 00000009.00000003.2105897287.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2089818579.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2106027892.0000000006B2B000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1GFtH2KO7xztBakHz0a-faxdoW0utL33g&export=download |
Source: wab.exe, 00000009.00000002.2928711448.0000000006B01000.00000004.00000020.00020000.00000000.sdmp |
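String found in binary or memory: https://drive.usercontent.google.com/download?id=1GFtH2KO7xztBakHz0a-faxdoW0utL33g&export=downloadQ (the trailing "Q" is likely adjacent memory; the same URL appears in this listing ending in "export=download") |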
Source: wab.exe, 00000009.00000002.2928711448.0000000006B01000.00000004.00000020.00020000.00000000.sdmp |
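String found in binary or memory: https://drive.usercontent.google.com/download?id=1GFtH2KO7xztBakHz0a-faxdoW0utL33g&export=downloadU (the trailing "U" is likely adjacent memory; the same URL appears in this listing ending in "export=download") |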
Source: wab.exe, 00000009.00000003.2105897287.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2089818579.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
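String found in binary or memory: https://drive.usercontent.google.com/download?id=1GFtH2KO7xztBakHz0a-faxdoW0utL33g&export=downloade1 (the trailing "e1" is likely adjacent memory; the same URL appears in this listing ending in "export=download") |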
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1xCKkDLKkiJgTC2N28hjl0l19UbuxJ6w9&export=download |
Source: powershell.exe, 00000004.00000002.2108163000.0000000004D78000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2116646966.0000000007696000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95A17A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000001.00000002.2313093176.000001D96966F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2112300960.0000000005C87000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000001.00000002.2198052956.000001D95B828000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B82C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D959B3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2198052956.000001D95B805000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084015727.0000000006B42000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2084174629.0000000006B42000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |