Edit tour

Windows Analysis Report
fuZxPIo6G7.exe

Overview

General Information

Sample name:	fuZxPIo6G7.exe renamed because original name is a hash value
Original sample name:	43ff34ad093a6bed2a59808a68065f356ad9e2b82f75ed03bc7f854c76465de5.exe
Analysis ID:	1611171
MD5:	c742c78e2b1c5e835cadf8d4387b5ac7
SHA1:	c8670e8fc305bc541747ec21ff94d1d3453083f9
SHA256:	43ff34ad093a6bed2a59808a68065f356ad9e2b82f75ed03bc7f854c76465de5
Tags:	exeuser-crep1x
Infos:

Detection

Score:	72
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Joe Sandbox ML detected suspicious sample

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the installation date of Windows

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

fuZxPIo6G7.exe (PID: 5076 cmdline: "C:\Users\user\Desktop\fuZxPIo6G7.exe" MD5: C742C78E2B1C5E835CADF8D4387B5AC7)

msedge.exe (PID: 6096 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=2024,i,15118935604604407009,8125459252930924132,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5864 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7336 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8264 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6648 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6836 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-10T16:23:19.110637+0100	2028371	3	Unknown Traffic	192.168.2.10	49702	104.21.48.1	443	TCP
2025-02-10T16:23:20.553566+0100	2028371	3	Unknown Traffic	192.168.2.10	49703	104.21.48.1	443	TCP
2025-02-10T16:23:21.415286+0100	2028371	3	Unknown Traffic	192.168.2.10	49704	104.21.48.1	443	TCP
2025-02-10T16:23:53.988594+0100	2028371	3	Unknown Traffic	192.168.2.10	50282	104.21.32.1	443	TCP
2025-02-10T16:23:56.308534+0100	2028371	3	Unknown Traffic	192.168.2.10	50285	104.21.32.1	443	TCP
2025-02-10T16:23:57.194466+0100	2028371	3	Unknown Traffic	192.168.2.10	50286	104.21.32.1	443	TCP
2025-02-10T16:23:58.010801+0100	2028371	3	Unknown Traffic	192.168.2.10	50287	104.21.32.1	443	TCP
2025-02-10T16:23:58.988298+0100	2028371	3	Unknown Traffic	192.168.2.10	50288	104.21.32.1	443	TCP
2025-02-10T16:24:00.106763+0100	2028371	3	Unknown Traffic	192.168.2.10	50289	104.21.32.1	443	TCP
2025-02-10T16:24:01.215820+0100	2028371	3	Unknown Traffic	192.168.2.10	50290	104.21.32.1	443	TCP

HTTP traffic detected: POST /067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEPSqvQwfrldk4M5ny3tFSFFWHFNxM6yUR6oeEAnb7oGg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15Content-Length: 147Host: shubanorka22.shop

Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://e5.i.lencr.org/0A
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://e5.o.lencr.org0
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://msn.com
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.c
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.c/auth/c.live.cogin.ine.
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	String found in binary or memory: https://assets.msn.com
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/common-others.ec0dee381567d7b5f792.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/common-others.ec0dee381567d7b5f792.jsb
Source: fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_social-data-service_dist_service_SocialSe
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js0T15:23:30Z;
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/nas-highlight-v1.b00137e29b8675ed8885.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.fc7b7cad27260d2f6a
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.02cb052a9520ea5d9259.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.02cb052a9520ea5d9259.jsf88.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/sign-in-control-wc.03877c4a218aeeb3a202.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/toast-wc.b7e3ed998cd00b5a75cb.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/toast-wc.b7e3ed998cd00b5a75cb.js304a3.jsb
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.f30eb488fb3069c7561f.js
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.f30eb488fb3069c7561f.js958a.jsb
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/service/news/feed/pages/weblayout?User=m-1B81D3983B9F606A268DC6173A8661D9&act
Source: fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://azureedge.net
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-strea
Source: Reporting and NEL.7.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://c.msn.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://c.msn.com/c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&t
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: offscreendocument_main.js.6.dr, service_worker_bin_prod.js.6.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.6.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.6.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.6.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.7.dr	String found in binary or memory: https://deff.nelreports.net/api/report
Source: 2cc80dabc69f58b6_0.6.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnH
Source: fuZxPIo6G7.exe, 00000001.00000003.1820156511.0000018658DF9000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1855049014.0000018658DF9000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1795363169.0000018658DF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msne=?
Source: Reporting and NEL.7.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: manifest.json0.6.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://drive.google.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log9.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log9.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log9.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log0.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log9.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.6.dr, f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log9.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://gaana.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/BB1msyCF
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/BB1msyCFX-Source-Length:
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://m.kugou.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://m.soundcloud.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://m.vk.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://msn.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://music.amazon.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://music.apple.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log3.6.dr, 2cc80dabc69f58b6_0.6.dr	String found in binary or memory: https://ntp.msn.com
Source: fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, 000003.log4.6.dr	String found in binary or memory: https://ntp.msn.com/
Source: QuotaManager.6.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13383674609275648.6.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager-journal.6.dr, QuotaManager.6.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: QuotaManager-journal.6.dr, QuotaManager.6.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default/
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ntp.msn.comAccess-Control-Expose-Headers:
Source: 2cc80dabc69f58b6_0.6.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ntp.msn.comcache-control:public
Source: fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ntp.msn.comreport-to:
Source: fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ntp.msn.comx-as-suppresssetcookie:1cache-control:private
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://open.spotify.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/
Source: fuZxPIo6G7.exe, 00000001.00000003.1981632347.000001865CC38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/067188400X
Source: fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1613909702.0000018657413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEPSqvQ
Source: fuZxPIo6G7.exe, 00000001.00000003.1990649695.0000018657459000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1991800021.000001865745A000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1990380039.0000018657448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/R
Source: fuZxPIo6G7.exe, 00000001.00000003.1968531827.0000018657459000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/Z
Source: fuZxPIo6G7.exe, 00000001.00000003.1968531827.0000018657459000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop/jWR
Source: fuZxPIo6G7.exe, 00000001.00000002.1991981077.00000186574AE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1990182670.00000186574AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop:443
Source: fuZxPIo6G7.exe, 00000001.00000003.1927106750.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1583068883.000001865742D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shubanorka22.shop:443/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEP
Source: fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sn.com
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://srtb.msn.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJp
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://tidal.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://vibe.naver.com/today
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://web.telegram.org/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://web.whatsapp.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.clarity.ms
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.deezer.com/
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content.js.6.dr, content_new.js.6.dr	String found in binary or memory: https://www.google.com/chrome
Source: fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	String found in binary or memory: https://www.googleapis.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.instagram.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.last.fm/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.messenger.com
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 2cc80dabc69f58b6_1.6.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.office.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.tiktok.com/
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://www.youtube.com
Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50282
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.10:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.10:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.10:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.10:50290 version: TLS 1.2

Source: fuZxPIo6G7.exe

Static PE information: Number of sections : 11 > 10

Source: fuZxPIo6G7.exe, 00000001.00000003.1881851506.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1882330856.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000002.1995965059.000001865AFCA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1882019438.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1795363169.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe
Source: fuZxPIo6G7.exe, 00000001.00000003.1878626016.0000018658E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsedge.exe> vs fuZxPIo6G7.exe

Source: classification engine

Classification label: mal72.spyw.winEXE@43/239@23/19

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67AA19EE-17D0.pma

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\32519ff7-88c0-4396-babe-c86e787371c1.tmp

Jump to behavior

Source: fuZxPIo6G7.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

System information queried: HandleInformation

Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DDB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: fuZxPIo6G7.exe	Virustotal: Detection: 41%
Source: fuZxPIo6G7.exe	ReversingLabs: Detection: 60%

Source: unknown	Process created: C:\Users\user\Desktop\fuZxPIo6G7.exe "C:\Users\user\Desktop\fuZxPIo6G7.exe"
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=2024,i,15118935604604407009,8125459252930924132,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6648 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6836 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=2024,i,15118935604604407009,8125459252930924132,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6648 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6836 --field-trial-handle=2028,i,12335715539590809088,11661685282044606591,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: fuZxPIo6G7.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: fuZxPIo6G7.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: fuZxPIo6G7.exe

Static file information: File size 2658240 > 1048576

Source: fuZxPIo6G7.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x22b000

Source: fuZxPIo6G7.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: fuZxPIo6G7.exe, 00000001.00000003.1642217327.0000018658D9A000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1686507753.0000018658D94000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658D96000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1643536712.0000018658D98000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1687138428.0000018658D9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini9_ source: fuZxPIo6G7.exe, 00000001.00000003.1908216778.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1900819379.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: fuZxPIo6G7.exe, 00000001.00000003.1639654833.0000018658DD6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Y\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2S&Pp source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: hC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: fuZxPIo6G7.exe, 00000001.00000002.1993123365.0000018659454000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994161521.0000018659E56000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997176557.000001865B85E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994878496.000001865A65E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994368407.000001865A05F000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992786836.0000018659054000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994711792.000001865A451000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997714192.000001865BE5D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997539899.000001865BC5E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993742626.0000018659A58000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994543683.000001865A256000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993371484.0000018659654000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997898994.000001865C054000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997359488.000001865BA5F000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995965059.000001865AE52000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993561855.0000018659858000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995135364.000001865A855000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996143392.000001865B053000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995679748.000001865AC5A000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996315510.000001865B253000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1998072484.000001865C258000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992957515.000001865925D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996785365.000001865B452000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993915118.0000018659C50000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992602857.0000018658E53000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996986991.000001865B65D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995425532.000001865AA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDB source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2k&APp source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: [C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: fuZxPIo6G7.exe, 00000001.00000003.1642217327.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642325626.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\profiles.ini source: fuZxPIo6G7.exe, 00000001.00000003.1969953803.000001865E844000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1970220383.000001865E844000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1926737306.000001865E7A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\low source: fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: k\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini9_ source: fuZxPIo6G7.exe, 00000001.00000003.1969587771.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: fuZxPIo6G7.exe, 00000001.00000002.1993123365.0000018659454000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994161521.0000018659E56000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997176557.000001865B85E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994878496.000001865A65E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994368407.000001865A05F000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992786836.0000018659054000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994711792.000001865A451000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997714192.000001865BE5D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997539899.000001865BC5E000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993742626.0000018659A58000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1994543683.000001865A256000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993371484.0000018659654000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997898994.000001865C054000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1997359488.000001865BA5F000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995965059.000001865AE52000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993561855.0000018659858000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995135364.000001865A855000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996143392.000001865B053000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995679748.000001865AC5A000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996315510.000001865B253000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1998072484.000001865C258000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992957515.000001865925D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996785365.000001865B452000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1993915118.0000018659C50000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1992602857.0000018658E53000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1996986991.000001865B65D000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1995425532.000001865AA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831-& source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\profiles.iniL_ P source: fuZxPIo6G7.exe, 00000001.00000003.1908216778.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1900819379.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbvX source: fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: g\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: fuZxPIo6G7.exe, 00000001.00000003.1642063056.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1639951583.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: fuZxPIo6G7.exe, 00000001.00000003.1908216778.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1927288389.0000018658DC1000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1900819379.0000018658DC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: [\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831*& source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: [C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2e&SP3 source: fuZxPIo6G7.exe, 00000001.00000003.1639995516.0000018658DB9000.00000004.00000020.00020000.00000000.sdmp

Source: fuZxPIo6G7.exe

Static PE information: real checksum: 0x29766b should be: 0x297a2b

Source: fuZxPIo6G7.exe

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate

Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe TID: 1816

Thread sleep time: -150000s >= -30000s

Jump to behavior

Source: Web Data.6.dr	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: Web Data.6.dr	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: Web Data.6.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: Web Data.6.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: Web Data.6.dr	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: Web Data.6.dr	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: fuZxPIo6G7.exe, 00000001.00000003.1927106750.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1613909702.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1574187502.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1991580429.00000186573D7000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1574696344.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1991800021.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1583068883.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1583296491.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1990380039.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.6.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: Web Data.6.dr	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: Web Data.6.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: Web Data.6.dr	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: Web Data.6.dr	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: Web Data.6.dr	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: Web Data.6.dr	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: Web Data.6.dr	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: Web Data.6.dr	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: Web Data.6.dr	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: Web Data.6.dr	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: Web Data.6.dr	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: Web Data.6.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: Web Data.6.dr	Binary or memory string: global block list test formVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: Web Data.6.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: Web Data.6.dr	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: Web Data.6.dr	Binary or memory string: discord.comVMware20,11696501413f
Source: Web Data.6.dr	Binary or memory string: AMC password management pageVMware20,11696501413

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt			Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\091tobv5.default-release	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\dtbqpus9.default	Jump to behavior
Source: C:\Users\user\Desktop\fuZxPIo6G7.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	1 Credentials in Registry	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	14 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
fuZxPIo6G7.exe	42%	Virustotal		Browse
fuZxPIo6G7.exe	61%	ReversingLabs	Win64.Trojan.Generic

Source	Detection	Scanner	Label
https://ntp.msn.comcache-control:public	0%	Avira URL Cloud	safe
https://shubanorka22.shop/067188400X	0%	Avira URL Cloud	safe
https://shubanorka22.shop:443/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEP	0%	Avira URL Cloud	safe
https://shubanorka22.shop/R	0%	Avira URL Cloud	safe
https://shubanorka22.shop/Z	0%	Avira URL Cloud	safe
https://ntp.msn.comx-as-suppresssetcookie:1cache-control:private	0%	Avira URL Cloud	safe
https://shubanorka22.shop/	0%	Avira URL Cloud	safe
https://sn.com	100%	Avira URL Cloud	malware
https://shubanorka22.shop/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEPSqvQ	0%	Avira URL Cloud	safe
https://api.msn.c	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
shubanorka22.shop	104.21.48.1	true	false	unknown
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
a416.dscd.akamai.net	2.19.126.145	true	false	high
a-0003.a-msedge.net	204.79.197.203	true	false	high
c-msn-pme.trafficmanager.net	13.74.129.1	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.244.18.122	true	false	high
ax-0001.ax-msedge.net	150.171.27.10	true	false	high
e28578.d.akamaiedge.net	2.23.209.34	true	false	high
googlehosted.l.googleusercontent.com	142.250.185.97	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
15.164.165.52.in-addr.arpa	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1739201017554&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://sb.scorecardresearch.com/b?rn=1739201014906&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B81D3983B9F606A268DC6173A8661D9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1739201017547&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.b70cb75853005ad9eaf6.js	false	high
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.f30eb488fb3069c7561f.js	false	high
https://clients2.googleusercontent.com/crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx	false	high
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.36a9f5e4ed2130582a90.js	false	high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1739201018549&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true	false	high
https://sb.scorecardresearch.com/b2?rn=1739201014906&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B81D3983B9F606A268DC6173A8661D9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://c.msn.com/c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=2e3b6592f09948f5bcb591fabd07253a&activityId=2e3b6592f09948f5bcb591fabd07253a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=576161C08EC4409C8131115DE4134E9D&MUID=1B81D3983B9F606A268DC6173A8661D9	false	high
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true	false	high
https://c.msn.com/c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=2e3b6592f09948f5bcb591fabd07253a&activityId=2e3b6592f09948f5bcb591fabd07253a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1739201014902&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://assets.msn.com/statics/icons/favicon_newtabpage.png	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	false		high
https://login.microsoftonline.com/	fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp	false		high
https://c.msn.com/	2cc80dabc69f58b6_1.6.dr	false		high
https://duckduckgo.com/ac/?q=	fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	false		high
https://msn.com	fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.02cb052a9520ea5d9259.jsf88.js	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.msn.c	fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ntp.msn.com/_default	QuotaManager.6.dr	false		high
https://deff.nelreports.net/api/report?cat=msnH	fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658E08000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E08000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.last.fm/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://deff.nelreports.net/api/report?cat=msn	2cc80dabc69f58b6_0.6.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.6.dr	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/sign-in-control-wc.03877c4a218aeeb3a202.js	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sb.scorecardresearch.com/	2cc80dabc69f58b6_1.6.dr	false		high
https://deff.nelreports.net/api/report	Reporting and NEL.7.dr	false		high
https://docs.google.com/	manifest.json0.6.dr	false		high
https://www.youtube.com	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://deff.nelreports.net/api/report?cat=msnw	Reporting and NEL.7.dr	false		high
https://www.instagram.com	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_social-data-service_dist_service_SocialSe	fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/	manifest.json0.6.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://www.clarity.ms	fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://shubanorka22.shop/Z	fuZxPIo6G7.exe, 00000001.00000003.1968531827.0000018657459000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.messenger.com	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
http://msn.com	fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://outlook.office.com/mail/compose?isExtension=true	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
http://e5.o.lencr.org0	fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://shubanorka22.shop/R	fuZxPIo6G7.exe, 00000001.00000003.1990649695.0000018657459000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000002.1991800021.000001865745A000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1990380039.0000018657448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	false		high
https://i.y.qq.com/n2/m/index.html	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://www.deezer.com/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://shubanorka22.shop:443/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEP	fuZxPIo6G7.exe, 00000001.00000003.1927106750.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1583068883.000001865742D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js0T15:23:30Z;	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://web.telegram.org/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.fc7b7cad27260d2f6a	fuZxPIo6G7.exe, 00000001.00000003.1807894840.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	offscreendocument_main.js.6.dr, service_worker_bin_prod.js.6.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json0.6.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json0.6.dr	false		high
https://vibe.naver.com/today	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://srtb.msn.com/	2cc80dabc69f58b6_1.6.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1727799716.0000018658E01000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, Web Data.6.dr	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	fuZxPIo6G7.exe, 00000001.00000003.1899074176.0000018658DFB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ntp.msn.com/ntp.msn.com_default/	QuotaManager-journal.6.dr, QuotaManager.6.dr	false		high
https://assets.msn.com	9441a1ef-2d46-4281-8aa2-c9f7e6bf9b5a.tmp.7.dr	false		high
https://www.ecosia.org/newtab/	fuZxPIo6G7.exe, 00000001.00000003.1642510860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1642827216.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.6.dr	false		high
https://excel.new?from=EdgeM365Shoreline	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	fuZxPIo6G7.exe, 00000001.00000003.1908506925.000001865E8AC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	manifest.json0.6.dr	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.7.dr	false		high
https://ntp.msn.comx-as-suppresssetcookie:1cache-control:private	fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://shubanorka22.shop/067188400X	fuZxPIo6G7.exe, 00000001.00000003.1981632347.000001865CC38000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome	content.js.6.dr, content_new.js.6.dr	false		high
https://www.tiktok.com/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://c.msn.com/c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&t	fuZxPIo6G7.exe, 00000001.00000003.1782392416.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1866683329.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1831501860.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.msn.com/web-notification-icon-light.png	2cc80dabc69f58b6_1.6.dr	false		high
https://shubanorka22.shop/	fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/service/news/feed/pages/weblayout?User=m-1B81D3983B9F606A268DC6173A8661D9&act	fuZxPIo6G7.exe, 00000001.00000003.1783078772.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1832307941.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	manifest.json.6.dr	false		high
https://drive-preprod.corp.google.com/	manifest.json0.6.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.6.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://chrome.google.com/webstore/	manifest.json.6.dr	false		high
https://ntp.msn.comcache-control:public	fuZxPIo6G7.exe, 00000001.00000003.1843399839.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://y.music.163.com/m/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.dr	false		high
https://bard.google.com/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.6.dr	false		high
https://shubanorka22.shop/067188400X?rknfo0knuna8kj=MMOuUvT5zSlDEeDiiarDLwgKIEFXfnuWVIgP7b3B2tEPSqvQ	fuZxPIo6G7.exe, 00000001.00000003.1968213743.0000018657448000.00000004.00000020.00020000.00000000.sdmp, fuZxPIo6G7.exe, 00000001.00000003.1613909702.0000018657413000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sn.com	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.02cb052a9520ea5d9259.js	fuZxPIo6G7.exe, 00000001.00000003.1807421960.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.6.dr	false		high
https://web.whatsapp.com	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://m.kugou.com/	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high
https://www.office.com	f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	shubanorka22.shop	United States	13335	CLOUDFLARENETUS	false
23.200.88.30	unknown	United States	16625	AKAMAI-ASUS	false
2.23.209.34	e28578.d.akamaiedge.net	European Union	1273	CWVodafoneGroupPLCEU	false
23.219.82.11	unknown	United States	20940	AKAMAI-ASN1EU	false
23.48.224.230	unknown	United States	20940	AKAMAI-ASN1EU	false
2.19.126.145	a416.dscd.akamai.net	European Union	16625	AKAMAI-ASUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
13.74.129.1	c-msn-pme.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.173.219.84	unknown	United States	3	MIT-GATEWAYSUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
104.21.32.1	unknown	United States	13335	CLOUDFLARENETUS	false
18.244.18.122	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
204.79.197.203	a-0003.a-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
13.69.116.107	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.10

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1611171
Start date and time:	2025-02-10 16:21:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	fuZxPIo6G7.exe renamed because original name is a hash value
Original Sample Name:	43ff34ad093a6bed2a59808a68065f356ad9e2b82f75ed03bc7f854c76465de5.exe
Detection:	MAL
Classification:	mal72.spyw.winEXE@43/239@23/19
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, Runtimeuserer.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.186.78, 13.107.6.158, 172.211.159.152, 2.19.97.170, 2.19.97.195, 2.21.65.134, 2.21.65.153, 2.21.65.146, 2.21.65.132, 2.21.65.154, 2.21.65.157, 4.231.66.184, 2.19.11.109, 2.19.11.113, 104.124.11.161, 104.124.11.163, 142.251.41.3, 172.217.165.131, 142.250.80.35, 20.12.23.50, 94.245.104.56, 20.190.159.4, 184.28.90.27, 150.171.27.10, 104.117.182.56, 104.40.82.182, 13.107.246.38, 23.223.209.214, 52.165.164.15
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, prod-agic-we-4.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, th.bing.com, prod-agic-we-7.westeurope.cloudapp.azure.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, th.bing.com.edgekey.net, api.edgeoffer.microsoft.com, star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com,
Execution Graph export aborted for target fuZxPIo6G7.exe, PID 5076 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:23:11	API Interceptor	10x Sleep call for process: fuZxPIo6G7.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.48.1	Proposed Residential Building at City Walk Phase 5.vbs	Get hash	malicious	FormBook	Browse	www.tumbetgirislinki.fit/k566/
	fnn6g1xT1Y.exe	Get hash	malicious	FormBook	Browse	www.clouser.store/0izs/
	nnBgprBo1I.exe	Get hash	malicious	FormBook	Browse	www.mzkd6gp5.top/3u0p/
	QUOTATION NO REQ-19-000640.exe	Get hash	malicious	FormBook	Browse	www.lucynoel6465.shop/am6a/
	specs_916351_xlsx.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/sccc/five/fre.php
	MV KSL DANYANG - CARGO DOCS.exe	Get hash	malicious	FormBook	Browse	www.cikolatasampuan.xyz/igu6/
	Order specifications.exe	Get hash	malicious	FormBook	Browse	www.sigaque.today/vyp9/
	Updated 2025 Trading Agreement for Direct Purchase account.exe	Get hash	malicious	FormBook	Browse	www.sigaque.today/7c9r/
	Contract-pdf.bat.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.sv3880.vip/whne/
	Bank Slip pdf.exe	Get hash	malicious	FormBook	Browse	www.sagaswap.xyz/5lfc/
23.200.88.30	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
23.200.88.30	https://advantecho365-my.sharepoint.com/:f:/g/personal/amanda_eriksen_advantech_com/EpP8vYfyU_RBi6SdtjWUdQQBIRJulWRqRSHZIQe3X4fLjA?e=jQHC24	Get hash	malicious	HTMLPhisher	Browse
2.23.209.34	FW_ NEW supplier inquiry.msg	Get hash	malicious	Unknown	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	https://kdnsedbclf.rocmodulaar.com/redirect/.red/.off/DEICIWEDGK/GKZFVHJQRB/WYMJACWTFQ	Get hash	malicious	HTMLPhisher	Browse
	https://vqr.vc/YdvOeCQGb	Get hash	malicious	HTMLPhisher	Browse
	https://stonewoodinvestmentssmartviewaccess.uscourtfiles.com/QGL2K	Get hash	malicious	HTMLPhisher	Browse
	https://tdn.docshostingservice.com/WeQiU	Get hash	malicious	HTMLPhisher	Browse
	http://hr.cuassistance.org/login/login.php	Get hash	malicious	Unknown	Browse
	https://ipfs.io/ipfs/Qmairr5VbGqYuZovUcw9rWWTMy6uCYZJtKdyb1PHBpaMzr	Get hash	malicious	HTMLPhisher	Browse
	https://supportsystem-customerservice.github.io/newhot/lit%20(2).html	Get hash	malicious	HTMLPhisher	Browse
	(No subject).eml	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	seethebestthingswithbstteamworkgiven.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	172.64.41.3
	filw.exe	Get hash	malicious	Stealerium	Browse	162.159.61.3
	Setup.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	162.159.61.3
	250205-kc4a9aznbq_pw_infected.zip	Get hash	malicious	Unknown	Browse	162.159.61.3
	1VB7gm8.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	random.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, RedLine, Vidar, XWorm, Xmrig	Browse	162.159.61.3
	random.exe	Get hash	malicious	Vidar	Browse	162.159.61.3
	GUI.for.SingBox.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecuriteInfo.com.Win64.Evo-gen.13578.12741.exe	Get hash	malicious	RHADAMANTHYS	Browse	172.64.41.3
a416.dscd.akamai.net	seethebestthingswithbstteamworkgiven.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	2.22.242.11
	filw.exe	Get hash	malicious	Stealerium	Browse	2.19.126.145
	Setup.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	2.16.164.33
	250205-kc4a9aznbq_pw_infected.zip	Get hash	malicious	Unknown	Browse	2.19.11.120
	1VB7gm8.exe	Get hash	malicious	Vidar	Browse	2.19.126.145
	random.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, RedLine, Vidar, XWorm, Xmrig	Browse	2.22.242.11
	random.exe	Get hash	malicious	Vidar	Browse	2.22.242.11
	hfzMMKRr0e.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	2.19.126.152
	hX2c2UOBSX.exe	Get hash	malicious	Vidar	Browse	2.19.126.145
	ijTwgZFLCu.lnk	Get hash	malicious	Unknown	Browse	2.19.126.145

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://bankingwithimpact.bigrocktraining.co.uk	Get hash	malicious	Unknown	Browse	104.17.25.14
	order confirmation.exe	Get hash	malicious	FormBook	Browse	104.21.80.1
	https://smartmanualspdf.com	Get hash	malicious	Unknown	Browse	104.18.30.234
	https://kftit2.kraftcpas.com:8040/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&c=Outside%20Kraft&c=&c=&c=&c=&c=&c=&c=	Get hash	malicious	ScreenConnect Tool	Browse	1.1.1.1
	https://support.kraftcpas.com/sc.exe	Get hash	malicious	ScreenConnect Tool	Browse	1.1.1.1
	Iamgold.Policy-Staff POLICY-Payable.docx	Get hash	malicious	Unknown	Browse	172.67.74.163
	https://ssacheckapplication.com/ssa/SSsowlkfifa.html#Vk8c60ui5UhXraTC0mb9lDLTgWZ7nBkywESNpunZhxuG7xqXI27mAqf2WT1TlcSWGKcsVUiM2Rddbx2OCaiLJkwSIKL8icxY3mlGfB1ALCegeU6yTw1lDwxPJ9P7Qq25QFeyev847oxhKjAbmC082u9hYxP5KGq7BwnahiULtExBwx4DROOWjqbKZn3wrkq3NOolS7CjVMNV0SBHkLrCcgpLZ8Pa7xy9mkZnVNDsYO4OWax1enJ6rjVHChVtr3fZ58B3XDzeaDx1fRa0xUb9BNNClTDOaj9tfgUd5CIzX5Lr	Get hash	malicious	ScreenConnect Tool	Browse	23.227.38.32
	NOAH CRYPT.exe	Get hash	malicious	FormBook	Browse	104.21.64.1
	01976748 specification.exe	Get hash	malicious	GuLoader	Browse	104.21.48.1
	Quotation.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.32.1
AKAMAI-ASUS	https://kftit2.kraftcpas.com:8040/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&c=Outside%20Kraft&c=&c=&c=&c=&c=&c=&c=	Get hash	malicious	ScreenConnect Tool	Browse	184.28.90.27
	https://ssacheckapplication.com/ssa/SSsowlkfifa.html#Vk8c60ui5UhXraTC0mb9lDLTgWZ7nBkywESNpunZhxuG7xqXI27mAqf2WT1TlcSWGKcsVUiM2Rddbx2OCaiLJkwSIKL8icxY3mlGfB1ALCegeU6yTw1lDwxPJ9P7Qq25QFeyev847oxhKjAbmC082u9hYxP5KGq7BwnahiULtExBwx4DROOWjqbKZn3wrkq3NOolS7CjVMNV0SBHkLrCcgpLZ8Pa7xy9mkZnVNDsYO4OWax1enJ6rjVHChVtr3fZ58B3XDzeaDx1fRa0xUb9BNNClTDOaj9tfgUd5CIzX5Lr	Get hash	malicious	ScreenConnect Tool	Browse	2.23.77.188
	https://locksmithkatytx.com/cgi-bin#example@email.com	Get hash	malicious	Unknown	Browse	23.38.98.114
	https://forms.office.com/e/7LDq5KR1M3	Get hash	malicious	Unknown	Browse	2.18.121.138
	https://forms.office.com/e/7LDq5KR1M3	Get hash	malicious	Unknown	Browse	2.18.121.138
	CARGA.shtml	Get hash	malicious	HTMLPhisher	Browse	184.28.89.233
	[BULK] Reminder Aziz Waseem - CRIB has invited you to collaborate on Box.eml	Get hash	malicious	Unknown	Browse	184.28.90.27
	teamviewer_w2xX-F1.exe	Get hash	malicious	Unknown	Browse	184.28.98.100
	teamviewer_w2xX-F1.exe	Get hash	malicious	Unknown	Browse	184.28.90.27
	https://www.flugger.pl	Get hash	malicious	Unknown	Browse	2.19.224.184
CWVodafoneGroupPLCEU	teamviewer_w2xX-F1.exe	Get hash	malicious	Unknown	Browse	2.23.209.50
	seethebestthingswithbstteamworkgiven.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	2.23.209.23
	FW_ NEW supplier inquiry.msg	Get hash	malicious	Unknown	Browse	2.23.209.34
	Rockwool Employee-efile.pdf	Get hash	malicious	Unknown	Browse	2.23.197.184
	21e71450-1e6b-4af3-5203-becea9c2fc1a.eml	Get hash	malicious	Unknown	Browse	2.23.197.184
	https://url.uk.m.mimecastprotect.com/s/H7TPCAnGzfNN17PsGfjTGLLrS?domain=mbf.cc	Get hash	malicious	Unknown	Browse	2.23.197.184
	maliciouspdf.pdf	Get hash	malicious	Unknown	Browse	2.23.197.184
	http://currentlyatt660.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	2.23.197.91
	0723Request.pdf	Get hash	malicious	Unknown	Browse	2.23.197.184
	0723Request2.pdf	Get hash	malicious	Unknown	Browse	2.23.197.184

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	https://nopaste.net/gFFvm8SLzB	Get hash	malicious	GO Backdoor, LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	no. 04-138-24.docx	Get hash	malicious	Unknown	Browse	104.21.48.1 104.21.32.1
	BQuCS3qKSj.exe	Get hash	malicious	ScreenConnect Tool, PureCrypter, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.48.1 104.21.32.1
	setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	7fOMOTQ.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	random.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	setup_patched.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	SETUP.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1 104.21.32.1
	Installer.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.48.1 104.21.32.1

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44432
Entropy (8bit):	6.087615467435856
Encrypted:	false
SSDEEP:	768:4MkbJ6eg6KzhXRLrDKwbuUXqgfbwPSbCXwLyG8B8FaAT7lPKlCvorQYqGwLWZkHD:4Mk16zRRvDKwlfCAL9T7FQaoTqfyW0ex
MD5:	8B38C0A1EFC06422D04469EA09DC976F
SHA1:	2D6A1D0265E74545C8DE8AAE7942EE001E6990FF
SHA-256:	3D62300A2F724C75B0C6172BFE6A52A2BF3D159C40EFFAAD36BF705043664A0A
SHA-512:	FC41068700BB565FDEFA0533CB501E2AEA5D15504D7B97B89171C8705E7BEF253BBC467D09DB08A66F48A509A861E3AF94D5E570BAB936177AE5C67A65183EB1
Malicious:	false
Reputation:	low
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5a884ea6-1773-4940-b366-cd800a87bba9"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1739201011"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

Source: fuZxPIo6G7.exe	Virustotal: Detection: 41%			Perma Link
Source: fuZxPIo6G7.exe	ReversingLabs: Detection: 60%

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 2.23.209.34 2.23.209.34

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49702 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49704 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49703 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50282 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50287 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50285 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50286 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50288 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50290 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50289 -> 104.21.32.1:443

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.224.230
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.224.230
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.224.230
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.116.107

Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.b70cb75853005ad9eaf6.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 750sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; MUIDB=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.8ed343c804e9069b52b4.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 750sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; MUIDB=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.f30eb488fb3069c7561f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.36a9f5e4ed2130582a90.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.1a931d3ad0845b9189ad.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=2e3b6592f09948f5bcb591fabd07253a&activityId=2e3b6592f09948f5bcb591fabd07253a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /b?rn=1739201014906&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B81D3983B9F606A268DC6173A8661D9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1739201014906&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B81D3983B9F606A268DC6173A8661D9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=130ca4d9ac6adbb7f3bd56e1739201016; XID=130ca4d9ac6adbb7f3bd56e1739201016
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1739201014905&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=2e3b6592f09948f5bcb591fabd07253a&activityId=2e3b6592f09948f5bcb591fabd07253a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=576161C08EC4409C8131115DE4134E9D&MUID=1B81D3983B9F606A268DC6173A8661D9 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 2.45sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; MUIDB=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=ed3e4c52-9ec2-432c-b8b1-47199e8a1a3a; ai_session=ijLsl1/xWer0retOdYdPIx\|1739201014898\|1739201014898; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z
Source: global traffic	HTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":47,"imageId":"BB1msBhw","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z; USRLOC=; MUID=1B81D3983B9F606A268DC6173A8661D9; MUIDB=1B81D3983B9F606A268DC6173A8661D9; _EDGE_S=F=1&SID=123A520B092C60E13D76478408EA61E7; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=ed3e4c52-9ec2-432c-b8b1-47199e8a1a3a; ai_session=ijLsl1/xWer0retOdYdPIx\|1739201014898\|1739201014898; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=2E3B6592F09948F5BCB591FABD07253A.RefC=2025-02-10T15:23:30Z

Source: f46f5664-d9cb-4a9b-b8b1-1e4fd290ad4a.tmp.6.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log9.6.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log9.6.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log9.6.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rc 'nonce-ALT8rqZqecf+bWmjBV8iX8MDE7KCHOM6XZSb3NI0Ezw=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: fuZxPIo6G7.exe, 00000001.00000003.1878375976.0000018658DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rc 'nonce-ALT8rqZqecf+bWmjBV8iX8MDE7KCHOM6XZSb3NI0Ezw=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:b equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: shubanorka22.shop
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	6.727648482031226
TrID:	Win64 Executable (generic) (12005/4) 74.95% Generic Win/DOS Executable (2004/3) 12.51% DOS Executable Generic (2002/1) 12.50% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:	fuZxPIo6G7.exe
File size:	2'658'240 bytes
MD5:	c742c78e2b1c5e835cadf8d4387b5ac7
SHA1:	c8670e8fc305bc541747ec21ff94d1d3453083f9
SHA256:	43ff34ad093a6bed2a59808a68065f356ad9e2b82f75ed03bc7f854c76465de5
SHA512:	1ca2d1204eb61414c1fb0ab8734135abd0ea40dbef3440fd177067f78962d15845ace11912a2e7dc7b85e0912c464bb7ac2ec1a4587985f5b28fb1fe84851fae
SSDEEP:	49152:SxqcuQq2YNN6Qd8HuJwtC6Y/Y3UZXJIG1gzxC2rXIYM+2jW7aaQybEzPvQOcGxEG:XEcIGor4YnyWDrgZ
TLSH:	78C54A2B51A5609AE3E7C07CE55A5752FC31764C0E39A7B724B683923730A2C9B7C372
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Z..g.................."..\|(.....W..........@..............................2.....kv)...`... ............................

Entrypoint:	0x140001157
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6784DA5A [Mon Jan 13 09:18:18 2025 UTC]
TLS Callbacks:	0x4022ad10, 0x1, 0x4022add0, 0x1
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	117dda5495546ca5b8dc0feed2583093

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x326000	0x55c	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x329000	0x138	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x27c000	0x7500	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x32a000	0x404	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x27ace0	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x326188	0x120	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x22ae08	0x22b000	9a0e3ec77cbdf3202a58d085425ab271	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x22c000	0xe7a0	0xe800	5596a6d154ea4f50345be037a6242e24	False	0.7341392780172413	data	7.9048904208169395	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x23b000	0x40270	0x40400	824081aa8980f5f6ec288c2aa318dd8e	False	0.9030353234435797	data	7.882448109127048	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata	0x27c000	0x7500	0x7600	3323d88a46234b13c74d18aa2160303b	False	0.5024165783898306	data	6.119693518530231	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x284000	0x5790	0x5800	0e846d97097e1363a2fc7e2f3adf4b4c	False	0.16597123579545456	, SYS \003\001P	3.439762805334953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x28a000	0x9bfc0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x326000	0x55c	0x600	12f80e3656871a2c2d72c599c1975799	False	0.3600260416666667	data	3.9028741752317715	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x327000	0x30	0x200	8afed638dc5c0e8badb9c857e17d8829	False	0.048828125	data	0.18805690608732903	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x328000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x329000	0x138	0x200	37d379e30fa8ab845b2a31ce72bd0302	False	0.330078125	data	1.628555447902682	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x32a000	0x404	0x600	34feade0490ce3bb55f50e59493ae92b	False	0.4680989583333333	data	4.120861644868746	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL	Import
ADVAPI32.dll	RegGetValueW, RegOpenKeyA, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryMultipleValuesA
KERNEL32.dll	FormatMessageW, GetCurrentProcessId, GetLogicalDrives, GetProcAddress, InitializeCriticalSection, LoadLibraryA, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsGetValue, TlsSetValue, VirtualFree, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualUnlock
msvcrt.dll	__C_specific_handler, atexit, calloc, exit, free, malloc, memcpy, memset, realloc, signal
USER32.dll	AdjustWindowRect

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2025 16:23:18.533255100 CET	59332	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:18.546479940 CET	53	59332	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:28.826155901 CET	52026	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:28.826359034 CET	55505	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:28.833149910 CET	53	52026	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:28.833441019 CET	53	55505	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:31.138981104 CET	50072	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:31.139142036 CET	57710	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:31.145787954 CET	53	57710	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:31.146413088 CET	53	50072	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.127953053 CET	57218	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.128066063 CET	61278	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.134963989 CET	53	61278	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.134979010 CET	53	57218	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.139411926 CET	64393	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.139805079 CET	63650	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.145644903 CET	53175	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.145797968 CET	57078	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.145935059 CET	53	64393	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.147375107 CET	53	63650	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.149693012 CET	54403	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.149885893 CET	63305	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.152827978 CET	53	57078	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.153088093 CET	53	53175	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.156735897 CET	53	54403	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.157094955 CET	53	63305	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.853885889 CET	51069	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.854217052 CET	51244	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:32.861517906 CET	53	51069	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:32.861944914 CET	53	51244	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.724654913 CET	62700	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.725358009 CET	53408	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.726372957 CET	49508	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.726878881 CET	53165	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.732832909 CET	53	62700	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.732877016 CET	53	53408	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.732969999 CET	53	49508	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.734193087 CET	53	53165	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.922261000 CET	52796	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.922508955 CET	54986	53	192.168.2.10	1.1.1.1
Feb 10, 2025 16:23:33.929191113 CET	53	52796	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:33.929234982 CET	53	54986	1.1.1.1	192.168.2.10
Feb 10, 2025 16:23:34.491163015 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.792603970 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.946790934 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:34.947310925 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:34.947704077 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:34.947716951 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:34.948206902 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.948702097 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.950431108 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.950593948 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951163054 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951255083 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951344013 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951457977 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951566935 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:34.951663017 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.046308041 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.046323061 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.046331882 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.046343088 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.046758890 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.046830893 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.053474903 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.053498983 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.054966927 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.054976940 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.054986954 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.055000067 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.055010080 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.055378914 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.055526972 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.055636883 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.059055090 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.059370995 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.059756994 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.145584106 CET	443	49775	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.181519032 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.362085104 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.362648010 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.362847090 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.547502041 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.547629118 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.547739029 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.547770977 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.550848961 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.552411079 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.552424908 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.552437067 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.552450895 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.555216074 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.555327892 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.555608988 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.555712938 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.556118965 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.556512117 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.556770086 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.558392048 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.558523893 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.559807062 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.559828997 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.559848070 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.559866905 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.560187101 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.560597897 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.560772896 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.560892105 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.650985956 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.651000977 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.651031971 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.651041031 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.651051044 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.652662039 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.652930021 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.653525114 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.654792070 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.654814005 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.654824972 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.654881954 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.654891014 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.655004978 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.655181885 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.655456066 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.655870914 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.655980110 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.656469107 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.663355112 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.663414955 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.665750027 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.665765047 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.665767908 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.665812016 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.665822983 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.665832996 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.668188095 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.668391943 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.708709955 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.708746910 CET	52961	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.710179090 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.710452080 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.710488081 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.710500956 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.711199045 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.712415934 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.714808941 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.717998028 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.720180988 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.722454071 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.726830006 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.727839947 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.731146097 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.732395887 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.732795954 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.732918978 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.732966900 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.733041048 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.733315945 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.735498905 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.738810062 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.740942001 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.744297028 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.746373892 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.748212099 CET	443	59785	172.64.41.3	192.168.2.10
Feb 10, 2025 16:23:35.748765945 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.751030922 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.756211996 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.756424904 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.759706020 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.759764910 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.759815931 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.759860039 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.759903908 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.760009050 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.760027885 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.762079000 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.764365911 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.765850067 CET	443	52961	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.767091036 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.767419100 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.773015976 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.773552895 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.775155067 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.777240992 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.780639887 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.782736063 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.785065889 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.788191080 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.790357113 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.792634010 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.795993090 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.799138069 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.800174952 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.801640987 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801698923 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801748037 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801808119 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801856995 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801906109 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.801961899 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.802010059 CET	59785	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.803462029 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.806334019 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.807831049 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.808511019 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.810636997 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.811634064 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.826761007 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.828593969 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.832246065 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.834258080 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.834743023 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.834825039 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.836277008 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.841834068 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.843240976 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.843651056 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.845376968 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.845619917 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.847295046 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.851001024 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.852322102 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.853831053 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855087996 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.855216026 CET	49775	443	192.168.2.10	172.64.41.3
Feb 10, 2025 16:23:35.855707884 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855724096 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855844975 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855859041 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855870008 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.855889082 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.856009007 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.856021881 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.856034040 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.856050968 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.857652903 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.857712030 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.857856989 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.857904911 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.857964993 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.872744083 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872777939 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872832060 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872879982 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872894049 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872920990 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872934103 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.872946024 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.873229027 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.873281002 CET	443	58616	23.200.88.30	192.168.2.10
Feb 10, 2025 16:23:35.873382092 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.873467922 CET	58616	443	192.168.2.10	23.200.88.30
Feb 10, 2025 16:23:35.873519897 CET	58616<

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report fuZxPIo6G7.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\27db5017-650d-4370-82a8-2266f593c9b8.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\543414bd-ac2b-4a56-9a09-4f0670bd550c.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\67c34ab2-4a13-4ad5-8c50-595b081666af.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67AA19EE-16E8.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67AA19EE-17D0.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\27579c22-11f1-4d72-8eeb-4add09824c5b.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\864de8f0-f37d-498a-becc-214d1e291e63.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\96535802-ecd7-45a4-a624-0c3687dd533e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Windows Analysis Report
fuZxPIo6G7.exe