Source: unknown
TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: cert9.db.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: cert9.db.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: cert9.db.9.dr |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: cert9.db.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: cert9.db.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: cert9.db.9.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: cert9.db.9.dr |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://icanhazip.com |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://icanhazip.com/ |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000307E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000307E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: cert9.db.9.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: cert9.db.9.dr |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFD41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://whatismyipaddressnow.co |
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: cert9.db.9.dr |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: cert9.db.9.dr |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFCF9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFD12000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee; |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com |
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com; |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hT |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmp7752.tmp.dat.9.dr |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: tmp7752.tmp.dat.9.dr |
String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com |
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.gstatic.com; |
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000003.00000002.1977414907.000001E4E7D10000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.microsoft.co |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.comZ |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/H |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/_ |
Source: wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411362998.00000260C4A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408211017.00000260C4A8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/3dasY |
Source: wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/3dasY$ |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/3dasY0 |
Source: wscript.exe, 00000000.00000003.1409306033.00000260C2CFD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411281235.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410321938.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/3dasY4 |
Source: wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/3dasYz |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.gravatar.com |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://support.mozilla.org |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l |
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://themes.googleusercontent.com |
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br |
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138 |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://whatismyipaddressnow.co |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/getcountry.php |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com; |
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://www.mozilla.org |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: tmpB97.tmp.dat.9.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000003054000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmpE8C2.tmp.dat.9.dr |
String found in binary or memory: https://www.office.com/ |
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/LR |
Source: tmpE8C2.tmp.dat.9.dr |
String found in binary or memory: https://www.office.com/Office |
Source: AddInProcess32.exe, 00000009.00000002.1735664078.000000000616C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.oracle.com/technetwork/java/javase/downloads |