Source: powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: wab.exe, 00000009.00000002.2957213484.0000000022E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: wab.exe, 00000009.00000002.2957213484.0000000022E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: wab.exe, 00000009.00000002.2957213484.0000000022E94000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.cash4cars.nz |
Source: powershell.exe, 00000001.00000002.2261833973.00000221E3970000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1995366811.0000000005978000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.1992852732.0000000004A68000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: wab.exe, 00000009.00000002.2958054380.0000000024EDA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2143116770.0000000024E77000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957213484.0000000022E94000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957958422.0000000024E4A000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0R |
Source: wab.exe, 00000009.00000002.2958054380.0000000024EDA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957213484.0000000022E94000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957958422.0000000024E4A000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3901000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1992852732.0000000004911000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957213484.0000000022E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000004.00000002.1992852732.0000000004A68000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: wab.exe, 00000009.00000002.2958054380.0000000024EDA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2143116770.0000000024E77000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957213484.0000000022E94000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957958422.0000000024E4A000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: wab.exe, 00000009.00000002.2958054380.0000000024EDA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2143116770.0000000024E77000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957213484.0000000022E94000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2957958422.0000000024E4A000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3901000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000004.00000002.1992852732.0000000004911000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBtq |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000004.00000002.1995366811.0000000005978000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.1995366811.0000000005978000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.1995366811.0000000005978000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D5AF4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D5A9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3B27000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/i |
Source: wab.exe, 00000009.00000002.2943582396.0000000007242000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1RpbgeefCbfe4fi32TLrpBFNby3_b7V9N |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3B27000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1ujhlMu_uY5j0tuvHXsbN0Gf5xcCLQunFP |
Source: powershell.exe, 00000004.00000002.1992852732.0000000004A68000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1ujhlMu_uY5j0tuvHXsbN0Gf5xcCLQunFXR~l |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: wab.exe, 00000009.00000002.2943582396.0000000007261000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: wab.exe, 00000009.00000003.1980141801.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2943582396.0000000007208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1RpbgeefCbfe4fi32TLrpBFNby3_b7V9N&export=download |
Source: wab.exe, 00000009.00000003.1980141801.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1RpbgeefCbfe4fi32TLrpBFNby3_b7V9N&export=downloadgo |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1ujhlMu_uY5j0tuvHXsbN0Gf5xcCLQunF&export=download |
Source: powershell.exe, 00000004.00000002.1992852732.0000000004A68000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D448E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000001.00000002.2261833973.00000221E3970000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1995366811.0000000005978000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000001.00000002.2122412787.00000221D3E3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D5B1B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2122412787.00000221D3E3B000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958589657.0000000007279000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.1958507079.0000000007279000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |