Source: global traffic |
HTTP traffic detected: GET /uc?export=download&id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94 HTTP/1.1 Host: drive.google.com Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /download?id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94&export=download HTTP/1.1 Host: drive.usercontent.google.com Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /uc?export=download&id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94 HTTP/1.1 Host: drive.google.com |
Source: global traffic |
HTTP traffic detected: GET /uc?export=download&id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /download?id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.usercontent.google.com Connection: Keep-Alive |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRoot |
Source: wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718762752.000001DC5CAC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719184508.000001DC5CAC5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTruste |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718762752.000001DC5CAC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719184508.000001DC5CAC5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en$ |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718762752.000001DC5CAC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719184508.000001DC5CAC5000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718762752.000001DC5CAC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719184508.000001DC5CAC5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabE |
Source: wscript.exe, 00000000.00000003.1708284459.000001DC5CB05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?37763f6d4a |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD0EC9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD10D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD03BF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0979000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD057A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0FC9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D8D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE7D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE8E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0E2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD07A9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD10D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD151F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD03BF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0979000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD057A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D8D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE8E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD07A9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000001.00000002.3009017913.000001ADDF913000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3009017913.000001ADDFA56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: wscript.exe, 00000000.00000003.1718339085.000001DC5CAA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718762752.000001DC5CAC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698462624.000001DC5CCF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1698486019.000001DC5CADA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719163509.000001DC5CAAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1719184508.000001DC5CAC5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCFAC6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCF8A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCFAC6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000001.00000002.3013440346.000001ADE7FC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.microsoft. |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCF8A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000001.00000002.3009017913.000001ADDFA56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000001.00000002.3009017913.000001ADDFA56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000001.00000002.3009017913.000001ADDFA56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD1135000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googPBjN |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD057A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0FC9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D8D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD1135000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE7D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE8E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0E2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD07A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD08F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCFAC6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94P |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD150D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googhZ |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD150D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD32000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFE8E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD10D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD03BF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0979000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD057A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D8D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD07A9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com( |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD0EC9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0782000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD10D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0775000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD181E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD3A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD03BF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0979000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0786000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD150D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD096E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0C93000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0974000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD057A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADCFD95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2992339914.000001ADD0761000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1OQEl7UGOyKsPdRJ91gwqoIVNNRs6PV94&export=download |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADCFAC6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000001.00000002.3009017913.000001ADDF913000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3009017913.000001ADDFA56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000001.00000002.2992339914.000001ADD14E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |