Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: MSBuild.exe, 00000007.00000002.3315094213.00000000032AA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.telegram.org |
Source: powershell.exe, 00000004.00000002.2481321303.000001429006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.2192954953.0000014280223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2512757575.0000020D279BE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2192954953.0000014280001000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3315094213.0000000003296000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000004.00000002.2192954953.0000014280223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: MSBuild.exe, 00000007.00000002.3305111919.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
Source: powershell.exe, 00000002.00000002.2512757575.0000020D27971000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 00000002.00000002.2512757575.0000020D2798A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2192954953.0000014280001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee; |
Source: MSBuild.exe, 00000007.00000002.3315094213.0000000003296000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: MSBuild.exe, 00000007.00000002.3315094213.0000000003241000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3305111919.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot6407972891:AAEvOm4dEtVGh3Nk7hoxcq00ys_9pap2veU/ |
Source: MSBuild.exe, 00000007.00000002.3315094213.0000000003292000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot6407972891:AAEvOm4dEtVGh3Nk7hoxcq00ys_9pap2veU/sendDocument |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com; |
Source: powershell.exe, 00000004.00000002.2481321303.000001429006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.2481321303.000001429006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.2481321303.000001429006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.gstatic.com; |
Source: powershell.exe, 00000004.00000002.2192954953.0000014280223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: wscript.exe, 00000000.00000003.2043378008.000002B956753000.00000004.00000020.00020000.00000000.sdmp, Reconfirm Details.vbs |
String found in binary or memory: https://lesferch.github.io/DesktopPic |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957039000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: powershell.exe, 00000004.00000002.2481321303.000001429006D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957039000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/ |
Source: wscript.exe, 00000000.00000003.2041706715.000002B95709F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2044904882.000002B954A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043824616.000002B954A3E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046396149.000002B954A43000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043926546.000002B954A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046306780.000002B954A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2040806927.000002B956753000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2042136792.000002B956711000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2040879582.000002B95675A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2044451741.000002B95675C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043903240.000002B954A42000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043790050.000002B954A30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2044257368.000002B954A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043378008.000002B956753000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2044963255.000002B954A21000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbD |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbD) |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957039000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbD- |
Source: wscript.exe, 00000000.00000003.2043824616.000002B954A3E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046396149.000002B954A43000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043903240.000002B954A42000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2043790050.000002B954A30000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbDJ |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbDuser |
Source: wscript.exe, 00000000.00000003.2041706715.000002B957040000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957039000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/IKfbDm |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.gravatar.com |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://themes.googleusercontent.com |
Source: powershell.exe, 00000004.00000002.2192954953.0000014280223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br |
Source: powershell.exe, 00000002.00000002.2573305651.0000020D3FBC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/P |
Source: powershell.exe, 00000004.00000002.2192954953.0000014280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2192954953.0000014280223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029 |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com; |
Source: wscript.exe, 00000000.00000003.2044763280.000002B9568A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2046656305.000002B957010000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49706 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49703 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49704 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49706 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49704 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |