Play interactive tourEdit tour

Windows Analysis Report
https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com
Analysis ID:	1621003
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Detected non-DNS traffic on DNS port

Queries the volume information (name, serial number etc) of a device

URL contains potential PII (phishing indication)

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com

Avira URL Cloud: detection malicious, Label: phishing

Phishing

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Source: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com

HTTP Parser: Gateway: ipfs.io

URL contains potential PII (phishing indication)

Source: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com

Sample URL: PII: info.kundencenter-reseller-at@omv.com

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:54544 version: TLS 1.2

Networking

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.6:54541 -> 1.1.1.1:53

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: ipfs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io

URLs found in memory or binary data

Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://test-exp-s2s.msedge.net/ab/
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://test-exp-s2s.msedge.net/ab/c780dddc8-18a1-5781-895a-a690464fa89ccacheMemoryFullNotificationPe
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://test-exp-s2s.msedge.net/ab/chttps://config.edge.skype.com/config/v1/cacheFileFullNotification
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://test-exp-s2s.msedge.net/ab/http://test-exp-s2s.msedge.net/ab/http://test-exp-s2s.msedge.net/a
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.aadrm.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.aadrm.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.cortana.ai
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.microsoftstream.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.office.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.onedrive.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://api.scheduler.
Source: HxAccounts.exe, 0000000D.00000002.2985062986.000001D4F722B000.00000004.00000020.00020000.00000000.sdmp, D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://app.powerbi.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://augloop.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://augloop.office.com/v2
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: HxAccounts.exe, 0000000D.00000002.2984992324.000001D4F7200000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://az804205.vo.msecnd.net/
Source: HxAccounts.exe, 0000000D.00000002.2984992324.000001D4F7200000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://az804205.vo.msecnd.net/f
Source: HxAccounts.exe, 0000000D.00000002.2984992324.000001D4F7200000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://az815563.vo.msecnd.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://canary.designerapp.
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/create-module
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.entity.
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.edge.skype.com/config/v1/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: HxAccounts.exe, 0000000D.00000002.2985093179.000001D4F7251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.edge.skype.net/config/v1/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cortana.ai
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cortana.ai/api
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://cr.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://d.docs.live.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dev.cortana.ai
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://devnull.onenote.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://directory.services.
Source: chromecache_46.3.dr	String found in binary or memory: https://docs.ipfs.tech/install/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ecs.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://edge.skype.com/rps
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://graph.windows.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://graph.windows.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ic3.teams.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://invites.office.com/
Source: chromecache_46.3.dr	String found in binary or memory: https://ipfs.tech
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://lifecycle.office.com
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD538000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD538000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.microsoftonline.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp, D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.windows.local
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.local/
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.net
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://make.powerautomate.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://management.azure.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://management.azure.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://management.core.windows.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.action.office.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://messaging.office.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://mss.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ncus.contentsync.
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: HxAccounts.exe, 0000000D.00000002.2985018192.000001D4F7213000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nexus.officeapps.live.comSSLKEYLOGFILE=C:
Source: HxAccounts.exe, 0000000D.00000002.2985018192.000001D4F7213000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nexusrules.officeapps.live.comF
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officeapps.live.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officepyservice.office.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://onedrive.live.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office365.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office365.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://planner.cloud.microsoft
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://powerlift.acompli.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://prod.support.office.com/InAppHelp
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://res.cdn.office.net
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://service.powerapps.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://settings.outlook.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://staging.cortana.ai
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://storage.azure.com/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://substrate.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://syncservice.o365syncservice.com/"
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://teams.cloud.microsoft/ups/global/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://webshell.suite.office.com
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://wus2.contentsync.
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: D08C5FA8-B357-457F-87BF-DA8874B089D1.7.dr	String found in binary or memory: https://www.yammer.com
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD4F2000.00000004.00000020.00020000.00000000.sdmp, HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xsts.auth.xboxlive.com
Source: HxAccounts.exe, 0000000D.00000002.2995333422.000001D4FD552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xsts.auth.xboxlive.com/
Source: HxAccounts.exe, 0000000D.00000002.2995836221.000001D4FD571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xsts.auth.xboxlive.com5

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54543
Source: unknown	Network traffic detected: HTTP traffic on port 54544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:54544 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal52.phis.win@19/9@8/5

Creates files inside the user directory

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe

File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData

Jump to behavior

Reads software policies

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2020,i,17656776123996510468,5642945975055154821,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com"
Source: unknown	Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknown	Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2020,i,17656776123996510468,5642945975055154821,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Tries to load missing DLLs

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: microsoft.applications.telemetry.windows.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msoimm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mso40uiimm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mso30imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mso20imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: office.ui.xaml.core.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: office.ui.xaml.word.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vccorlib140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vccorlib140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vccorlib140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mso98imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mso50imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: hxoutlook.model.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.storage.applicationdata.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: twinapi.appcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: hxcomm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.applicationmodel.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.globalization.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: bcp47langs.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: bcp47mrm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.staterepositorycore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.networking.connectivity.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.networking.hostname.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.energy.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: rmclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: rometadata.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: hxoutlook.view.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: office.ui.xaml.hxshared.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: hxoutlook.viewmodel.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: clipc.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: hxoutlook.resources.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: logoncli.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.ui.xaml.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dcomp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.ui.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windowmanagementapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: inputhost.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mrmcorer.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.staterepositoryclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: resourcepolicyclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: d3d11.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: d3d10warp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dxcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: d2d1.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dwrite.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.shell.servicehostbuilder.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: execmodelproxy.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: uiamanager.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.ui.core.textinput.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.ui.immersive.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dataexchange.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: profext.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: office.ui.xaml.hx.mail.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: threadpoolwinrt.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: twinapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.graphics.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: office.ui.xaml.hxcalendar.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.system.remotedesktop.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: winsta.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.ui.xaml.controls.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: directmanipulation.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.system.profile.systemid.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.system.profile.retailinfo.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msxml6.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: winrttracing.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: schannel.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: photometadatahandler.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ploptin.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: mskeyprotect.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: ncryptsslp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: dpapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: webservices.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: uiautomationcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: userdataaccountapis.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: userdataplatformhelperutil.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: windows.accountscontrol.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: xmllite.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: accountsrt.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Section loaded: aphostclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: hxoutlook.model.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: microsoft.applications.telemetry.windows.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: mso20imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vccorlib140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: mso30imm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vccorlib140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vcruntime140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: msvcp140_app.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.ui.xaml.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: bcp47langs.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: dcomp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: twinapi.appcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.staterepositorycore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.ui.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windowmanagementapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: inputhost.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: resourcepolicyclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: office.ui.xaml.hxaccounts.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: d3d11.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: d3d10warp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.storage.applicationdata.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: dxcore.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: d2d1.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: dwrite.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: hxcomm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.applicationmodel.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.globalization.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: bcp47mrm.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.networking.connectivity.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.networking.hostname.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.energy.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: rmclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: rometadata.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: mrmcorer.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.staterepositoryclient.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.shell.servicehostbuilder.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: execmodelproxy.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: uiamanager.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.ui.core.textinput.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.ui.immersive.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: dataexchange.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.accountscontrol.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: xmllite.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.security.authentication.web.core.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.ui.xaml.controls.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: vaultcli.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: directmanipulation.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: profext.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: winrttracing.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: hxoutlook.resources.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: msftedit.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: globinputhost.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: windows.graphics.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: wuceffects.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: threadpoolwinrt.dll			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Section loaded: uiautomationcore.dll			Jump to behavior

Uses an in-process (OLE) Automation server

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32

Jump to behavior

Uses Rich Edit Controls

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe

File opened: C:\Windows\SYSTEM32\msftedit.dll

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Checks if Microsoft Office is installed

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe

Key opened: \REGISTRY\A\{a7b6fd65-2423-be0c-a4d1-281f0d5e60b8}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office Test\Special\PerfImm

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Disables application error messsages (SetErrorMode)

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: settings.dat.7.dr

Binary or memory string: VMware, Inc. VMware20,1

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation			Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation			Jump to behavior