Source: global traffic
HTTP traffic detected: GET /uc?export=download&id=1TFXcrJWTGmac2hj-VsLoWxwsskgB176s HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /download?id=1TFXcrJWTGmac2hj-VsLoWxwsskgB176s&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.usercontent.google.com Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /uc?export=download&id=1TFXcrJWTGmac2hj-VsLoWxwsskgB176s HTTP/1.1 Host: drive.google.com Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /download?id=1TFXcrJWTGmac2hj-VsLoWxwsskgB176s&export=download HTTP/1.1 Host: drive.usercontent.google.com
Source: global traffic
HTTP traffic detected: GET /uc?export=download&id=1TFXcrJWTGmac2hj-VsLoWxwsskgB176s HTTP/1.1 Host: drive.google.com