Windows Analysis Report
tgeh_1.svg

Overview

General Information

Sample name: tgeh_1.svg
Analysis ID: 1596556
MD5: a5921f0d82f43a98d6e453ae030c1d62
SHA1: 95d53890582512016544dce3eb0a13d6829877db
SHA256: 19730def5b4a407fc724fd6500103f41c87ef1a9d4c5137055f4be1dbde8daaa
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Detected suspicious crossdomain redirect
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64_ra
  • msedge.exe (PID: 6516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\tgeh_1.svg MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6840 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1956,i,11479995490611015908,1600878876861013111,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 6868 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\tgeh_1.svg MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7296 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6772 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3680 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • WWAHost.exe (PID: 2848 cmdline: "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa MD5: 69318AE264A1E45ED570CEDCDC4B7B69)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://copeescan.es/ | Avira URL Cloud: Label: malware
Source: C:\Windows\System32\WWAHost.exe | Code function: 4x nop then dec eax | 23_3_000002460179A27E
Source: C:\Windows\System32\WWAHost.exe | Code function: 4x nop then dec eax | 23_3_000002460179A3FF
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | HTTP traffic: Redirect from: www.google.com.mx to https://jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash@xfab.com
Source: Joe Sandbox View | IP Address: 199.232.196.193
Source: Joe Sandbox View | IP Address: 162.159.61.3
Source: Joe Sandbox View | IP Address: 172.64.41.3
Source: Joe Sandbox View | IP Address: 13.107.5.80
Source: global trafficHTTP traffic detected: GET /ydNg8uY.png HTTP/1.1Host: imgur.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /ydNg8uY.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 471Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 212Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /amp/s/jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash@xfab.com HTTP/1.1Host: www.google.com.mxConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: OPTIONS /csp/report-to/gws/cdt1 HTTP/1.1Host: csp.withgoogle.comConnection: keep-aliveOrigin: https://www.google.com.mxAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /brim33/dhopeew/mxjc/todd.bash@xfab.com HTTP/1.1Host: jlvuu.solcorp.com.esConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 196Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /9bde58f6-4a0c-485f-961d-cfc205fae38e/todd.bash@xfab.com HTTP/1.1Host: copeescan.esConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://jlvuu.solcorp.com.es/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficDNS traffic detected: DNS query: imgur.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: i.imgur.com
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownHTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 471Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: FFAAD4DF492B4B51A4668DE77E5BAA9C Ref B: EWR311000107053 Ref C: 2025-01-22T05:40:32ZDate: Wed, 22 Jan 2025 05:40:32 GMTConnection: closeContent-Length: 0
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 4402CD097A1944619969FEAEB776C707 Ref B: EWR311000105053 Ref C: 2025-01-22T05:40:40ZDate: Wed, 22 Jan 2025 05:40:39 GMTConnection: closeContent-Length: 0
Source: manifest.json0.3.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.3.drString found in binary or memory: https://drive.google.com/
Source: Web Data.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log3.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log3.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log2.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.dr, HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log3.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.dr, HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log3.3.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://gaana.com/
Source: WWAHost.exe, 00000017.00000003.1775745533.0000024613942000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1972395446.0000024613F84000.00000004.00000020.00020000.00000000.sdmp, win10hostlogin_ppassword_87b08db3a1159bd1e299[1].js.23.dr, Win10HostLogin_PCore_5fOF0GEDo1ZwmHQQO_-bbQ2[1].js.23.dr, Win10HostFinish_PCore_ndEts7k9mXLrw-HW6Lbyxw2[1].js.23.drString found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: tgeh_1.svgString found in binary or memory: https://imgur.com/ydNg8uY.png
Source: 000003.log4.3.drString found in binary or memory: https://jlvuu.solcorp.com.es/
Source: WWAHost.exe, 00000017.00000002.2223118126.00000246012FB000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1973733221.00000246012F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: WWAHost.exe, 00000017.00000002.2186326090.00000245FF6E9000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2088839680.00000245EC498000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1752782553.00000245ECBDC000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2190613489.00000245FF800000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1706447883.0000023DE57E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/
Source: WWAHost.exe, 00000017.00000002.2088426828.00000245EC471000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.2037142026.00000245EC010000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2056501988.0000023DE56B2000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2183580280.00000245FF67A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css
Source: WWAHost.exe, 00000017.00000003.1972332803.00000245FE5AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssX
Source: WWAHost.exe, 00000017.00000003.2037142026.00000245EC010000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssss
Source: WWAHost.exe, 00000017.00000003.1711508441.00000245FE6B0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2158105773.00000245FE6AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/https://lgincdnvzeuno.azureedge.net/https://logincdn.msauth.n
Source: WWAHost.exe, 00000017.00000002.2074774136.00000245E8295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/microsoft.windows.cloudexperiencehost
Source: WWAHost.exe, 00000017.00000002.2181423026.00000245FF600000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2088839680.00000245EC498000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1752782553.00000245ECBDC000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2190613489.00000245FF800000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1706447883.0000023DE57E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnvzeuno.azureedge.net/
Source: WWAHost.exe, 00000017.00000002.2088426828.00000245EC471000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2182039781.00000245FF623000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2182826410.00000245FF659000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.2037142026.00000245EC010000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2056501988.0000023DE56B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnvzeuno.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css
Source: WWAHost.exe, 00000017.00000002.2081030250.00000245EC219000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2189615749.00000245FF7CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnvzeuno.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css0
Source: WWAHost.exe, 00000017.00000002.2080640168.00000245EC1FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnvzeuno.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssa1f
Source: WWAHost.exe, 00000017.00000002.2081030250.00000245EC219000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnvzeuno.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csshttps://lginc
Source: WWAHost.exe, 00000017.00000002.2186670384.00000245FF700000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.jsx=16.000.30483.4
Source: WWAHost.exe, 00000017.00000002.2223118126.00000246012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/shared/1.0/e.bindingHandlers.htmlWithBindings.inite.bindingHandlers.addE
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://m.kugou.com/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://m.soundcloud.com/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://m.vk.com/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: WWAHost.exe, 00000017.00000002.2077892776.00000245EC0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems/edit/20742103
Source: WWAHost.exe, 00000017.00000002.2077892776.00000245EC0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems/edit/20742115
Source: WWAHost.exe, 00000017.00000003.1669569474.00000245EC154000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2087112054.00000245EC400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems?id=21748634&_a=edit
Source: WWAHost.exe, 00000017.00000002.2077892776.00000245EC0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems?id=8705838&_a=edit)
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://music.amazon.com
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://music.apple.com
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://music.yandex.com
Source: WWAHost.exe, 00000017.00000002.2087917048.00000245EC443000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1668724573.00000245EC19A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysite.com/Apps/App1
Source: WWAHost.exe, 00000017.00000002.2087917048.00000245EC443000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1668724573.00000245EC19A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysite.com/Apps/App2
Source: WWAHost.exe, 00000017.00000003.1701095351.0000023DE57D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://n.lengthn
Source: WWAHost.exe, 00000017.00000002.2118776450.00000245FD260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live-int.com/
Source: WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live-int.com/C:
Source: WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live-int.com/https://oloobe.officeapps.live.com/
Source: WWAHost.exe, 00000017.00000002.2131564759.00000245FDA80000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live.com/
Source: WWAHost.exe, 00000017.00000002.2131564759.00000245FDA80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live-int.com/windows/
Source: WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/windows/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://open.spotify.com
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://password.ccsctp.com/
Source: WWAHost.exe, 00000017.00000002.2054970695.0000023DE5641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.activedirectory.windowsazure.cn/
Source: WWAHost.exe, 00000017.00000002.2118776450.00000245FD260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.microsoftonline.com/
Source: WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.microsoftonline.com/003
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: WWAHost.exe, 00000017.00000002.2103715953.00000245EC920000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdx.microsoft-int.com/
Source: WWAHost.exe, 00000017.00000002.2103263639.00000245EC900000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2103715953.00000245EC920000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdx.microsoft-ppe.com/
Source: WWAHost.exe, 00000017.00000002.2108148505.00000245ECA75000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live-int.com/
Source: WWAHost.exe, 00000017.00000002.2108148505.00000245ECA75000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/
Source: WWAHost.exe, 00000017.00000003.1711385131.00000245FE54D000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2156016433.00000245FE540000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2182826410.00000245FF66E000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000003.1700763724.0000023DE57D3000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2190613489.00000245FF800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup?platform=Windows10&id=80604&clientid=82864fa0-ed49-4711-8395-a0e6003d
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://tidal.com/
Source: WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tip.passwordreset.microsoftonline.com/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.3.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.3.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.3.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://vibe.naver.com/today
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://web.telegram.org/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://web.whatsapp.com
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Favicons-journal.3.dr, Favicons.3.drString found in binary or memory: https://www.aliexpress.com/
Source: Favicons.3.drString found in binary or memory: https://www.amazon.com/
Source: 6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drString found in binary or memory: https://www.deezer.com/
Source: tgeh_1.svg String found in binary or memory: https://www.google.com.mx/amp/s/jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash
Source: classification engine Classification label: mal48.winSVG@67/286@16/16
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6790845F-1974.pma
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Temp\0879ca8c-3ad8-4a67-b53a-ce412eb63374.tmp
Source: C:\Windows\System32\WWAHost.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\tgeh_1.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1956,i,11479995490611015908,1600878876861013111,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\tgeh_1.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6772 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: unknown Process created: C:\Windows\System32\WWAHost.exe "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3680 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1956,i,11479995490611015908,1600878876861013111,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6772 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3680 --field-trial-handle=2020,i,2260203174900099585,11195573618268798859,262144 /prefetch:8
Source: C:\Windows\System32\WWAHost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WWAHost.exe Code function: 23_3_00000246018843FA pushad ; iretd 23_3_00000246018843FB
Source: C:\Windows\System32\WWAHost.exe Code function: 23_3_00000246018774FD pushad ; retf 23_3_00000246018774FE
Source: C:\Windows\System32\WWAHost.exe Code function: 23_3_00000246017FB2F8 pushad ; ret 23_3_00000246017FB317
Source: C:\Windows\System32\WWAHost.exe Code function: 23_3_00000246017F9248 pushad ; ret 23_3_00000246017F9267
Source: C:\Windows\System32\WWAHost.exe Code function: 23_3_00000246017F84A8 push eax; retf 23_3_00000246017F84CB
Source: C:\Windows\System32\WWAHost.exe Code function: 23_2_00000245ECCC5E87 pushad ; ret 23_2_00000245ECCC5E88
Source: C:\Windows\System32\WWAHost.exe Code function: 23_2_00000245ECCC5F88 pushad ; ret 23_2_00000245ECCC5F89
Source: C:\Windows\System32\WWAHost.exe Code function: 23_2_00000245ECCC5F09 pushad ; ret 23_2_00000245ECCC5F0A
Source: C:\Windows\System32\WWAHost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WWAHost.exe Window / User API: threadDelayed 2063
Source: C:\Windows\System32\WWAHost.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 11 System Information Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
[Behavior graph: ID 1596556; Sample: tgeh_1.svg; Start date: 22/01/2025; Architecture: WINDOWS; Score: 48. Signature shown: Antivirus detection for URL or domain. Processes shown: msedge.exe, WWAHost.exe.]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://sdx.microsoft-int.com/ | 0% | Avira URL Cloud | safe | |
| https://tip.passwordreset.microsoftonline.com/ | 0% | Avira URL Cloud | safe | |
| https://log.live.com/ppsecure/post.srf?mk | 0% | Avira URL Cloud | safe | |
| https://sdx.microsoft-ppe.com/ | 0% | Avira URL Cloud | safe | |
| https://signup.live-int.com/ | 0% | Avira URL Cloud | safe | |
| https://microsoft.visualstudio.com/OS/_workitems/edit/20742115 | 0% | Avira URL Cloud | safe | |
| https://buy.live.com/ | 0% | Avira URL Cloud | safe | |
| https://buy.live-int.com/ | 0% | Avira URL Cloud | safe | |
| https://jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash@xfab.com | 0% | Avira URL Cloud | safe | |
| https://account.activedirectory.windowsazure.cn/ | 0% | Avira URL Cloud | safe | |
| https://oloobe.officeapps.live-int.com/C: | 0% | Avira URL Cloud | safe | |
| https://n.lengthn | 0% | Avira URL Cloud | safe | |
| https://onedrive.live-int.com/windows/ | 0% | Avira URL Cloud | safe | |
| https://copeescan.es/ | 100% | Avira URL Cloud | malware | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| s-part-0016.t-0009.t-msedge.net | 13.107.246.44 | true | false | | high |
| chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high |
| imgur.com | 199.232.196.193 | true | false | | high |
| a416.dscd.akamai.net | 2.19.11.120 | true | false | | high |
| sni1gl.wpc.alphacdn.net | 152.199.21.175 | true | false | | high |
| ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
| googlehosted.l.googleusercontent.com | 142.250.181.225 | true | false | | high |
| ipv4.imgur.map.fastly.net | 199.232.196.193 | true | false | | high |
| clients2.googleusercontent.com | unknown | unknown | false | | high |
| bzib.nelreports.net | unknown | unknown | false | | high |
| i.imgur.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://i.imgur.com/ydNg8uY.png | false | | high |
| https://services.bingapis.com/undersideproactive/api/v1/trigger | false | | high |
| https://imgur.com/ydNg8uY.png | false | | high |
| https://jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash@xfab.com | false | Avira URL Cloud: safe | unknown |
| https://www.google.com.mx/amp/s/jlvuu.solcorp.com.es/brim33/dhopeew/mxjc/todd.bash@xfab.com | false | | high |
| https://bzib.nelreports.net/api/report?cat=bingbusiness | false | | high |
                                                                                                                                                                                    https://login.microsoftonline.com/WebApp/DeviceSubscription/WWAHost.exe, 00000017.00000002.2133073278.00000245FDB00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://login.partner.microsoftonline.cn/WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://chromewebstore.google.com/manifest.json.3.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://login.live-int.com/WWAHost.exe, 00000017.00000002.2108148505.00000245ECA75000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000017.00000002.2055958065.0000023DE568E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://drive-preprod.corp.google.com/manifest.json0.3.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://oloobe.officeapps.live-int.com/C:WWAHost.exe, 00000017.00000002.2055301093.0000023DE565C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://www.onenote.com/stickynotes?isEdgeHub=true&auth=26013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://copeescan.es/000003.log4.3.drfalse
                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://www.onenote.com/stickynotes?isEdgeHub=true&auth=16013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://chrome.google.com/webstore/manifest.json.3.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://y.music.163.com/m/6013b333-005a-465e-b6cf-7095a636dc39.tmp.3.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://onedrive.live-int.com/windows/WWAHost.exe, 00000017.00000002.2131564759.00000245FDA80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                      unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1596556
Start date and time: 2025-01-22 06:38:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: tgeh_1.svg
Detection: MAL
Classification: mal48.winSVG@67/286@16/16
EGA Information: Failed
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 1102
• Number of non-executed functions: 4
Cookbook Comments:
• Found application associated with file extension: .svg
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
• Execution Graph export aborted for target WWAHost.exe, PID 2848 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
00:39:29  API Interceptor  11x Sleep call for process: WWAHost.exe modified
                                                                                                                                                                                                                                                                                      • 172.64.41.3
                                                                                                                                                                                                                                                                                      random.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                      • 172.64.41.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context