Source: |
Binary string: System.Core.pdb122658-3693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32U source: powershell.exe, 00000005.00000002.2427817287.00000000007AF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb` source: WERC57C.tmp.dmp.11.dr |
Source: |
Binary string: mscorlib.pdb source: WERC57C.tmp.dmp.11.dr |
Source: |
Binary string: notepad.pdbGCTL source: wscript.exe, 00000000.00000003.2033699414.00000192E5E01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2030985860.00000192E5C01000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Crustaceology (Virksomhedskategoris 'Fo p$,reag raglNatio.ratb Anta hollUnja:AddiIAtommK,mmpFokua,orec laitSpe,=Adre[ roeTSkriy Grap emeHo,n]Whee:Bids:MellGForme kretd lkTRetiyCalapSalme RepFArrar St oRab,mFo,eCIndkLPracSLiefIWe.pDBoll(Seli$AcciS evet SuraMil tS,nssF rtg Hyda nulr ardaV ndnEmbrtTappepitar UnieVic tH ml)Talb ') source: powershell.exe, 00000002.00000002.2263730437.000002E06D908000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DC42000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DF2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2430583673.0000000004496000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2457764685.00000000053B4000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: Fo p$,reag raglNatio.ratb Anta hollUnja:AddiIAtommK,mmpFokua,orec laitSpe,=Adre[ roeTSkriy Grap emeHo,n]Whee:Bids:MellGForme kretd lkTRetiyCalapSalme RepFArrar St oRab,mFo,eCIndkLPracSLiefIWe.pDBoll(Seli$AcciS evet SuraMil tS,nssF rtg Hyda nulr ardaV ndnEmbrtTappepitar UnieVic tH ml)Talb source: powershell.exe, 00000005.00000002.2430583673.0000000004496000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: m.Core.pdb4 source: powershell.exe, 00000005.00000002.2463994877.0000000006E01000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WERC57C.tmp.dmp.11.dr |
Source: |
Binary string: aqm.Core.pdbcy source: powershell.exe, 00000005.00000002.2463994877.0000000006E01000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WERC57C.tmp.dmp.11.dr |
Source: |
Binary string: Fo p$,reag raglNatio.ratb Anta hollUnja:AddiIAtommK,mmpFokua,orec laitSpe,=Adre[ roeTSkriy Grap emeHo,n]Whee:Bids:MellGForme kretd lkTRetiyCalapSalme RepFArrar St oRab,mFo,eCIndkLPracSLiefIWe.pDBoll(Seli$AcciS evet SuraMil tS,nssF rtg Hyda nulr ardaV ndnEmbrtTappepitar UnieVic tH ml)Talb X source: powershell.exe, 00000002.00000002.2229676697.000002E05DC42000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.Automation.pdb-2476756634-1003_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32405117-2476756634-10038 source: powershell.exe, 00000005.00000002.2427817287.00000000007AF000.00000004.00000020.00020000.00000000.sdmp |
Source: powershell.exe, 00000005.00000002.2463994877.0000000006DE6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000002.00000002.2268835169.000002E075951000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.v |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F3BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D826000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2430583673.0000000004341000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D826000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D601000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000005.00000002.2430583673.0000000004341000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F37D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googP |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05D826000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F2D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DAFE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000594A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/g |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000594A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/o |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D826000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=10mSdA58tHFD2BourB_wMxlvC-LJjwr4RP |
Source: powershell.exe, 00000005.00000002.2430583673.0000000004496000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=10mSdA58tHFD2BourB_wMxlvC-LJjwr4RXR |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000594A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2851327950.00000000058C0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1N1jCXJK7gaZnsqU2On4d-9WUveSwJsw1 |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000594A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1N1jCXJK7gaZnsqU2On4d-9WUveSwJsw1( |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000594A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1N1jCXJK7gaZnsqU2On4d-9WUveSwJsw13 |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googh |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DA98000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: msiexec.exe, 00000007.00000002.2851401747.00000000059B6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2569079355.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05F412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F760000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DA98000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DAFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05DAFE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=10mSdA58tHFD2BourB_wMxlvC-LJjwr4R&export=download |
Source: msiexec.exe, 00000007.00000002.2851401747.000000000598D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1N1jCXJK7gaZnsqU2On4d-9WUveSwJsw1&export=download |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05D826000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.2271865944.000002E075C22000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.m80; |
Source: powershell.exe, 00000002.00000002.2271865944.000002E075C22000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.m80;s$ |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05E499000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000002.00000002.2263730437.000002E06D66F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059B3000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000002.00000002.2229676697.000002E05DA94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F382000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2229676697.000002E05F3A7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2529517789.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059B3000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2527521290.00000000059C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |