Source: wscript.exe, 00000000.00000003.2325461625.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.00000125100F3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2514780950.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2516088916.000001250FD80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325898663.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326061758.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522409365.000001250E0E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520382934.000001250FD72000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325381099.000001250FD80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520106323.000001250E0E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325544492.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326031502.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520623399.000001250FDA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522622351.000001250FD70000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2516046227.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519449118.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2514887391.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325932418.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522645221.000001250FD75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325356738.000001250E05A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519449118.000001250FD84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx |
Source: wscript.exe, 00000000.00000003.2325512254.000001250FD74000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326031502.000001250FD7A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx_Tex |
Source: wscript.exe, 00000000.00000003.2325461625.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2514780950.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325898663.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326061758.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325544492.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326031502.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520623399.000001250FDA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2516046227.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519449118.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2514887391.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325932418.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326000668.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2325969324.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd |
Source: wscript.exe, 00000000.00000002.2523019692.0000012510B40000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000006.00000002.3047439942.000001D4C3D20000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft~# |
Source: powershell.exe, 00000008.00000002.2886427774.000002CA256FF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000008.00000002.2702281796.000002CA158B3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000006.00000002.3007331648.000001D4ABBAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2702281796.000002CA15691000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000008.00000002.2702281796.000002CA1BB7D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://uploaddeimagens.com.br |
Source: powershell.exe, 00000008.00000002.2702281796.000002CA158B3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000006.00000002.3007331648.000001D4ABB39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 00000006.00000002.3007331648.000001D4ABB96000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2702281796.000002CA15691000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee; |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com; |
Source: powershell.exe, 00000008.00000002.2886427774.000002CA256FF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000008.00000002.2886427774.000002CA256FF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000008.00000002.2886427774.000002CA256FF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.gstatic.com; |
Source: powershell.exe, 00000008.00000002.2702281796.000002CA158B3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000006.00000002.3043269238.000001D4C3C8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.microsoft.coT |
Source: wscript.exe, 00000000.00000003.2519666628.0000012510114000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510114000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: powershell.exe, 00000008.00000002.2886427774.000002CA256FF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: wscript.exe, 00000000.00000002.2522818795.00000125100FE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.00000125100FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/& |
Source: wscript.exe, 00000000.00000003.2520062183.00000125100D4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/umxfl |
Source: wscript.exe, 00000000.00000003.2519666628.0000012510114000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510114000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/umxfl& |
Source: wscript.exe, 00000000.00000003.2519666628.0000012510114000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510114000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/umxflJ |
Source: wscript.exe, 00000000.00000003.2520313262.000001250E086000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522362736.000001250E087000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/umxflerD |
Source: wscript.exe, 00000000.00000002.2522818795.00000125100FE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.00000125100FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/l |
Source: wscript.exe, 00000000.00000003.2325512254.000001250FD74000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2326031502.000001250FD7A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://pastsubposto.subpostosubposto/d/um |
Source: wscript.exe, 00000000.00000003.2325969324.000001250FD9E000.00000004.00000020.00020000.00000000.sdmp, windows.vbs |
String found in binary or memory: https://pastsubposto.subpostosubposto/d/umxfl |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.gravatar.com |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://themes.googleusercontent.com |
Source: powershell.exe, 00000008.00000002.2702281796.000002CA158B3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br |
Source: powershell.exe, 00000008.00000002.2701828288.000002CA13776000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029 |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2519666628.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2522818795.0000012510143000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com; |
Source: wscript.exe, 00000000.00000002.2522195506.000001250E000000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2520794814.0000012510205000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |