Source: wscript.exe, 00000000.00000002.1885694563.000001A860220000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879175290.000001A860222000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856630795.000001A86023C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884599780.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885713037.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx |
Source: wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxW |
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd |
Source: wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxelp_ |
Source: wscript.exe, 00000000.00000002.1885341405.000001A85E53D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878557421.000001A85E53C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxoG2 |
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000003.00000002.2812838257.000002090009E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000003.00000002.2812838257.0000020900059000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 00000003.00000002.2812838257.000002090006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee; |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com; |
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.gstatic.com; |
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: wscript.exe, 00000000.00000002.1886130177.000001A8605D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878261147.000001A8605CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/ |
Source: wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/; |
Source: wscript.exe, 00000000.00000002.1885694563.000001A860220000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886130177.000001A8605D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856630795.000001A86023C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878261147.000001A8605CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605D6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879378362.000001A8605A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879106103.000001A8605A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885998798.000001A8605A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878532060.000001A860599000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/Pz7Nj |
Source: wscript.exe, 00000000.00000002.1885271657.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E531000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/Pz7Njec1 |
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs |
String found in binary or memory: https://pastzangam.zangamzangam/d/Pz7Nj |
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://pastzangam.zangamzangam/d/Pz7NjC |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.gravatar.com |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://themes.googleusercontent.com |
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br |
Source: powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029 |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com; |
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |