Source: wscript.exe, 00000000.00000003.1333343530.0000023D97847000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp |
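String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Note: the trailing "0E" is most likely not part of the URL. Strings carved out of DER-encoded certificates usually pick up the bytes that follow (0x30 plus a length byte, printed as "0" and one more character). The same holds for the "0", "0B", "07", "0=", "0~" and similar suffixes on the certificate, CRL, OCSP and CPS URLs in this list. These are ordinary certificate-validation endpoints and should be stripped of the suffix and excluded before extracting indicators.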
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0 |
Source: wscript.exe, 00000000.00000002.1356162762.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: wscript.exe, 00000000.00000003.1333343530.0000023D97847000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1356162762.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl07 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: wscript.exe, 00000000.00000002.1356162762.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0? |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG3.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0~ |
Source: wscript.exe, 00000000.00000002.1356231389.0000023D9783E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1333582119.0000023D97847000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355352075.0000023D9783E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1343793550.0000023D9788D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1356231389.0000023D97822000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355352075.0000023D9781D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D9783E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000000.00000003.1355418070.0000023D977D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354833341.0000023D977CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1356162762.0000023D977D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enG=Def |
Source: wscript.exe, 00000000.00000003.1343793550.0000023D9784B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e936f3372f |
Source: msiexec.exe, 00000007.00000003.1853013269.000000000501A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2634220952.0000000004FEF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1854570981.0000000005066000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1794345263.000000000506F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2634426863.000000000506F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1779759485.000000000506C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2634220952.0000000005009000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1789210479.000000000506F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1854784125.000000000506F000.00000004.00000020.00020000.00000000.sdmp |
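String found in binary or memory: http://geoplugin.net/json.gp |
Note: geoplugin.net/json.gp is a public IP-geolocation endpoint. Finding it in msiexec.exe memory suggests the process looks up the host's external IP or location, which a genuine installer has no usual reason to do. The "json.gpl" and "json.gpp" entries that follow appear to be the same URL with one extra carved byte.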
Source: msiexec.exe, 00000007.00000002.2634220952.0000000004FEF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpl |
Source: msiexec.exe, 00000007.00000002.2634220952.0000000004FEF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpp |
Source: powershell.exe, 00000002.00000002.1523751106.000001C4F4AC2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1661877856.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp |
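String found in binary or memory: http://nuget.org/NuGet.exe |
Note: this string is typically text shipped with stock PowerShell modules, as are the pesterbdd.com, github.com/Pester, contoso.com, apache.org/licenses and aka.ms/pscore6 entries sourced from powershell.exe. It can appear in a powershell.exe memory dump regardless of what script ran, so it is not by itself evidence that the sample contacted nuget.org.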
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: wscript.exe, 00000000.00000003.1333343530.0000023D97847000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1356162762.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1333608646.0000023D97814000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: wscript.exe, 00000000.00000002.1356162762.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1354541733.0000023D977E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1332866074.0000023D97AB8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1355218122.0000023D977EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.msocsp.com0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://ocsp.msocsp.com0S |
Source: powershell.exe, 00000004.00000002.1643774496.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E4A51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1643774496.0000000004E71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E66A9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sf4l.shop |
Source: powershell.exe, 00000004.00000002.1643774496.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1670991960.00000000078AA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: http://www.digicert.com/CPS0~ |
Source: msiexec.exe, msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com |
Source: msiexec.exe, msiexec.exe, 0000000D.00000003.1800717874.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000002.1801265819.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000003.1800739348.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp, msiexec.exe, 0000000D.00000003.1800694237.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.com |
Source: msiexec.exe, 00000007.00000002.2647088933.00000000208D0000.00000040.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
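String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Note: this is three adjacent strings carved as one (http://www.imvu.com, http://www.ebuddy.com, https://www.google.com), not a single URL. Together with the nirsoft.net, login.yahoo.com/config/login and google.com/accounts/servicelogin strings in msiexec.exe memory, this looks like the string table of an embedded credential-recovery utility rather than a list of contacted hosts. Confirm against the behaviour and network sections of the report.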
Source: msiexec.exe, 0000000D.00000003.1800717874.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000002.1801265819.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000003.1800739348.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000D.00000003.1800694237.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comppData |
Source: msiexec.exe, 00000007.00000002.2647088933.00000000208D0000.00000040.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: msiexec.exe, 0000000B.00000002.1811369548.00000000029A2000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: bhv528A.tmp.11.dr |
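String found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P |
Note: the URLs sourced from bhv528A.tmp.11.dr (Microsoft/Office CDN, telemetry, sign-in and certificate endpoints) look like the contents of a dropped copy of browser or OS cache data, not traffic generated by the sample. Several are cut off at a fixed length. For triage, the fact that such a file was dropped is more relevant than the individual URLs in it.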
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E4A51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000004.00000002.1643774496.0000000004E71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://config.edge.skype.com/config/v1/ODSP_Sync_Client/19.043.0304.0013?UpdateRing=Prod&OS=Win&OSV |
Source: powershell.exe, 00000004.00000002.1661877856.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.1661877856.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.1661877856.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://ecfdb90f321c52ef6e93077f63413543.azr.footprintdns.com/apc/trans.gif?bd78002c55888096ce060c58 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://ecfdb90f321c52ef6e93077f63413543.azr.footprintdns.com/apc/trans.gif?c2fcd52267835a3e34f9ac05 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c& |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?69c749c200c753dfb00f5bc8299ab8eb |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?a2555e10569a45fe03b885d268c50da9 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://fp-as.azureedge.net/apc/trans.gif?23ecc2fb73d617d9826364f47d1067db |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://fp-as.azureedge.net/apc/trans.gif?7bac4e73e9b20fcc41dc97447167937d |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://fp.msedge.net/conf/v2/asgw/fpconfig.min.json?monitorId=asgw |
Source: powershell.exe, 00000004.00000002.1643774496.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1670991960.00000000078AA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E55FC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: msiexec.exe, 0000000B.00000002.1811966044.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfh |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: msiexec.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js |
Source: powershell.exe, 00000002.00000002.1523751106.000001C4F4AC2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1661877856.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-07-50-22/PreSignInSettingsConfig.json |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=d75433bcf1f9312f1975 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/741e3e8c607c445262f3add0e58b18f19e0502af.xml?OneDriveUpdate=ad62f4 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-3a99f64809c6780df035.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ac5cfbeadfd63fc27ffd.chunk.v7.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.2ce72562ad7c0ae7059c.chunk.v7.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-ba2888a24179bf152f3d.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.169ce481376dceef3ef6.chunk.v7.c |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7.j |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2 |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2 |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E4C76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1487804584.000001C4E640C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://sf4l.shop |
Source: msiexec.exe, 00000007.00000002.2634220952.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sf4l.shop/ |
Source: powershell.exe, 00000002.00000002.1487804584.000001C4E4C76000.00000004.00000800.00020000.00000000.sdmp |
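String found in binary or memory: https://sf4l.shop/zWAbmrmP/Diwani.pfbP |
Note: sf4l.shop appears in both powershell.exe and msiexec.exe memory with payload-like paths, and is the host in this list most worth treating as a network indicator. The trailing "P" here is most likely a carved byte, as are "XR" on the next Diwani.pfb entry and "zw" on the second XAManxzmrlwVYAnDZ78.bin entry. When building block or hunt rules, match on the host and on the paths ending at ".pfb" and ".bin".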
Source: powershell.exe, 00000004.00000002.1643774496.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://sf4l.shop/zWAbmrmP/Diwani.pfbXR |
Source: msiexec.exe, 00000007.00000002.2634220952.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2646463919.0000000020060000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://sf4l.shop/znUvwLfo/XAManxzmrlwVYAnDZ78.bin |
Source: msiexec.exe, 00000007.00000002.2634220952.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sf4l.shop/znUvwLfo/XAManxzmrlwVYAnDZ78.binzw |
Source: msiexec.exe, msiexec.exe, 0000000D.00000002.1800854936.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: msiexec.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: bhv528A.tmp.11.dr |
String found in binary or memory: https://www.office.com/ |